Booking System
by WordPress
Source repositories
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0220 | Hig | 0.57 | 8.8 | 0.01 | Feb 13, 2023 | The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks. | ||
| CVE-2015-9460 | Hig | 0.57 | 8.8 | 0.02 | Oct 10, 2019 | The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter. | ||
| CVE-2024-53815 | Hig | 0.55 | 8.5 | 0.01 | Dec 6, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Blind SQL Injection.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.1. | ||
| CVE-2023-38520 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2024 | External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.This issue affects Pinpoint Booking System: from n/a through 2.9.9.3.4. | ||
| CVE-2024-54252 | Med | 0.41 | 6.3 | 0.00 | Dec 13, 2024 | Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7. | ||
| CVE-2024-49304 | Med | 0.35 | 5.4 | 0.00 | Oct 17, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7. | ||
| CVE-2014-3210 | 0.03 | — | 0.04 | May 22, 2014 | SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php. |
- risk 0.57cvss 8.8epss 0.01
The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks.
- risk 0.57cvss 8.8epss 0.02
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.
- risk 0.55cvss 8.5epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Blind SQL Injection.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.1.
- risk 0.42cvss 6.5epss 0.00
External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.This issue affects Pinpoint Booking System: from n/a through 2.9.9.3.4.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7.
- CVE-2014-3210May 22, 2014risk 0.03cvss —epss 0.04
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.