VYPR

Booking Calendar Contact Form

by WordPress

CVEs (11)

  • CVE-2016-20069 | Hig | Jun 15, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar…

  • CVE-2016-20068 | Hig | Jun 15, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the…

  • CVE-2016-20070 | Med | Jun 15, 2026
    risk 0.42 | cvss 6.4 | epss 0.00

    WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters.…

  • CVE-2025-48231 | Med | Jul 4, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS. This issue affects Booking Calendar Contact Form: from n/a through <= 1.2.58.

  • CVE-2025-24723 | Med | Jan 24, 2025
    risk 0.38 | cvss 5.9 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS. This issue affects Booking Calendar Contact Form: from n/a through <= 1.2.55.

  • CVE-2026-6810 | Med | Apr 24, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dex_bccf_admin_int_calendar_list.inc.php file due to missing validation on a user controlled key. This makes it possible…

  • CVE-2025-13318 | Med | Nov 22, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the `dex_bccf_check_IPN_verification` function. This makes it…

  • CVE-2023-25037 | Med | Dec 9, 2024
    risk 0.28 | cvss 4.3 | epss 0.01

    Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking Calendar Contact Form: from n/a through 1.2.34.

  • CVE-2023-36384 | Jul 18, 2023
    risk 0.00 | cvss | epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions.

  • CVE-2016-10909 | Aug 21, 2019
    risk 0.00 | cvss | epss 0.02

    The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.

  • CVE-2016-10908 | Aug 21, 2019
    risk 0.00 | cvss | epss 0.01

    The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS.