VYPR

Appointment Booking Calendar Plugin And Scheduling Plugin

by WordPress

Source repositories

CVEs (6)

  • CVE-2024-6660HigJul 17, 2024
    risk 0.50cvss 8.8epss 0.01

    The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_f…

  • CVE-2024-6467HigJul 17, 2024
    risk 0.50cvss 8.8epss 0.01

    The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function.…

  • CVE-2024-12274Jan 13, 2025
    risk 0.00cvss epss 0.01

    The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist).

  • CVE-2024-7877Nov 5, 2024
    risk 0.00cvss epss 0.00

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even…

  • CVE-2024-7876Nov 5, 2024
    risk 0.00cvss epss 0.00

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even…

  • CVE-2024-10540Nov 2, 2024
    risk 0.00cvss epss 0.01

    The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user…