VYPR

Course Booking System

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-22785CriJan 15, 2025
    risk 0.61cvss 9.3epss 0.03

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System course-booking-system allows SQL Injection.This issue affects Course Booking System: from n/a through <= 6.0.6.

  • CVE-2025-32508HigApr 17, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ComMotion Course Booking System course-booking-system allows Reflected XSS.This issue affects Course Booking System: from n/a through <= 6.1.2.

  • CVE-2025-12042MedNov 8, 2025
    risk 0.34cvss 5.3epss 0.00

    The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file…

  • CVE-2025-32253MedApr 4, 2025
    risk 0.34cvss 5.3epss 0.01

    Missing Authorization vulnerability in ComMotion Course Booking System course-booking-system allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Course Booking System: from n/a through <= 6.1.