Tennis Court Bookings

Source repositories

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-52787	Hig	0.46	7.1	0.00		Jul 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EZiHosting Tennis Court Bookings tennis-court-bookings allows Reflected XSS.This issue affects Tennis Court Bookings: from n/a through <= 1.2.7.
CVE-2026-1044	Med	0.29	4.4	0.00		Feb 19, 2026	The Tennis Court Bookings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE-2025-52787HigJul 16, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EZiHosting Tennis Court Bookings tennis-court-bookings allows Reflected XSS.This issue affects Tennis Court Bookings: from n/a through <= 1.2.7.
CVE-2026-1044MedFeb 19, 2026
risk 0.29cvss 4.4epss 0.00
The Tennis Court Bookings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.