VYPR

Bookster

by WordPress

CVEs (2)

  • CVE-2024-5071MedJun 26, 2024
    risk 0.42cvss 6.5epss 0.00

    The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.

  • CVE-2025-8781MedFeb 18, 2026
    risk 0.25cvss 4.9epss 0.00

    The Bookster – WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the…