Home/Product/booking calendar project booking calendar
Product

booking calendar project booking calendar

26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-13821
< 10.10.1
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versio
5.3MEDIUM
 CVE-2024-10856
< 3.2.0
The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the id parameter in the “wpdevart_bo
6.5MEDIUM
 CVE-2023-24407
< 3.2.4
Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configu
5.0MEDIUM
 CVE-2024-6930
< 10.2.2
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plug
6.4MEDIUM
 CVE-2023-24373
< 3.2.4
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows
3.7LOW
 CVE-2024-1207
< 9.9.1
The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' pa
9.8CRITICAL
 CVE-2023-46914
<= 2.7.9
SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to exec
9.8CRITICAL
 CVE-2023-51520
< 9.7.4
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Book
6.5MEDIUM
 CVE-2022-47428
< 3.2.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, A
6.7MEDIUM
 CVE-2023-4620
< 9.7.3.1
The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking from data, allowing unauthen
6.1MEDIUM
 CVE-2023-36384
<= 1.2.40
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions.
7.1HIGH
 CVE-2022-47438
<= 3.2.3
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <=
5.9MEDIUM
 CVE-2023-24388
< 3.2.4
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions
4.3MEDIUM
 CVE-2022-3982
< 3.2.2
The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow
9.8CRITICAL
 CVE-2022-33177
<= 9.2.1
Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Tra
5.4MEDIUM
 CVE-2022-1463
<= 9.1
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in version
8.8HIGH
 CVE-2021-25040
< 8.9.2
The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type parameter before outputting it ba
6.1MEDIUM
 CVE-2017-18555
< 1.1.0
The booking-sms plugin before 1.1.0 for WordPress has XSS.
6.1MEDIUM
 CVE-2018-20556
all versions
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL comman
8.8HIGH
 CVE-2018-10363
all versions
An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parame
7.5HIGH
 CVE-2018-5673
all versions
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.
8.8HIGH
 CVE-2018-5672
all versions
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[labe
4.8MEDIUM
 CVE-2018-5671
all versions
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[ite
4.8MEDIUM
 CVE-2018-5670
all versions
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[
4.8MEDIUM
 CVE-2017-2151
<= 7.1
Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web scr
6.1MEDIUM
 CVE-2017-2150
<= 7.0
Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via
5.3MEDIUM
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh