VYPR

Wp Simple Booking Calendar

by WordPress

CVEs (8)

  • CVE-2021-24726 (High), Sep 13, 2021
    risk 0.57, cvss 8.8, epss 0.02

    The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue.

  • CVE-2024-8663 (Medium), Sep 13, 2024
    risk 0.40, cvss 6.1, epss 0.00

    The WP Simple Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.10. This makes it possible for unauthenticated…

  • CVE-2024-13323 (Medium), Jan 14, 2025
    risk 0.35, cvss 6.4, epss 0.00

    The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-6930 (Medium), Jul 24, 2024
    risk 0.35, cvss 6.4, epss 0.00

    The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-13821 (Medium), Feb 12, 2025
    risk 0.34, cvss 5.3, epss 0.00

    The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being…

  • CVE-2024-8274 (Medium), Aug 30, 2024
    risk 0.33, cvss 6.1, epss 0.00

    The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timeline_obj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-9306 (Medium), Oct 4, 2024
    risk 0.29, cvss 4.4, epss 0.00

    The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2023-51525 (Medium), Mar 15, 2024
    risk 0.28, cvss 4.3, epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar. This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4.