VYPR

Booking Calendar

by WordPress

Source repositories

CVEs (24)

  • CVE-2024-10027MedNov 7, 2024
    risk 0.31cvss 4.8epss 0.00

    The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for…

  • CVE-2018-5672MedJan 13, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter.

  • CVE-2018-5671MedJan 13, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter.

  • CVE-2018-5670MedJan 13, 2018
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter.

Page 2 of 2