VYPR

Booking System

by WordPress

Source repositories

CVEs (7)

  • CVE-2023-0220HigFeb 13, 2023
    risk 0.57cvss 8.8epss 0.01

    The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks.

  • CVE-2015-9460HigOct 10, 2019
    risk 0.57cvss 8.8epss 0.02

    The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.

  • CVE-2024-53815HigDec 6, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Blind SQL Injection.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.1.

  • CVE-2023-38520MedJun 4, 2024
    risk 0.42cvss 6.5epss 0.00

    External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.This issue affects Pinpoint Booking System: from n/a through 2.9.9.3.4.

  • CVE-2024-54252MedDec 13, 2024
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7.

  • CVE-2024-49304MedOct 17, 2024
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7.

  • CVE-2014-3210May 22, 2014
    risk 0.03cvss epss 0.04

    SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.