| CVE-2023-25037 | WordPress Booking Calendar Contact Form plugin <= 1.2.34 - Broken Access Control vulnerability | codepeople | Booking Calendar Contact Form | Medium | 4.3 | 2024-12-09 11:31:38 | Deep Dive |
| CVE-2024-9872 | Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 5.4 | 2024-12-06 08:24:55 | Deep Dive |
| CVE-2024-10893 | WP Booking Calendar < 10.6.5 - Admin+ Stored XSS | Unknown | WP Booking Calendar | 中危 | - | 2024-12-03 06:00:04 | Deep Dive |
| CVE-2024-10878 | Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting | smub | Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform | Medium | 6.1 | 2024-11-26 17:32:11 | Deep Dive |
| CVE-2024-9504 | Booking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload | wpdevart | Booking calendar, Appointment Booking System | High | 7.2 | 2024-11-26 07:31:31 | Deep Dive |
| CVE-2024-51873 | WordPress Multi-day Booking Calendar plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | Masashi Takizawa | Multi-day Booking Calendar | Medium | 6.5 | 2024-11-19 16:31:22 | Deep Dive |
| CVE-2024-7982 | Registrations for The Events Calendar < 2.12.4 - Unauthenticated Stored XSS | Unknown | Registrations for the Events Calendar | 超危 | - | 2024-11-08 06:00:03 | Deep Dive |
| CVE-2024-10027 | WP Booking Calendar < 10.6.3 - Admin+ Stored XSS | Unknown | WP Booking Calendar | - | - | 2024-11-07 06:00:06 | Deep Dive |
| CVE-2024-7877 | Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS | Unknown | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | - | - | 2024-11-05 06:00:08 | Deep Dive |
| CVE-2024-7876 | Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS | Unknown | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | - | - | 2024-11-05 06:00:07 | Deep Dive |
| CVE-2024-10540 | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | Medium | 5.3 | 2024-11-02 02:03:08 | Deep Dive |
| CVE-2024-43143 | WordPress Registrations for the Events Calendar plugin <= 2.12.1 - Broken Access Control vulnerability | Roundup WP | Registrations for the Events Calendar | Medium | 6.4 | 2024-11-01 14:17:46 | Deep Dive |
| CVE-2024-9864 | EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 6.1 | 2024-10-24 06:50:25 | Deep Dive |
| CVE-2024-9865 | EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting via Transaction Log | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 6.1 | 2024-10-24 06:50:24 | Deep Dive |
| CVE-2024-9263 | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover | arraytics | Timetics – Appointment Booking & Scheduling | Critical | 9.8 | 2024-10-17 03:32:49 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-21270 | Oracle E-Business Suite 安全漏洞 | Oracle Corporation | Oracle Common Applications Calendar | High | 8.1 | 2024-10-15 19:52:58 | Deep Dive |
| CVE-2024-47638 | WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.6 - Reflected Cross Site Scripting (XSS) vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | High | 7.1 | 2024-10-05 13:03:22 | Deep Dive |
| CVE-2024-44013 | WordPress VR Calendar plugin <= 2.4.0 - Local File Inclusion vulnerability | Innate Images LLC | VR Calendar | High | 7.5 | 2024-10-05 10:37:46 | Deep Dive |
| CVE-2024-9306 | WP Booking Calendar <= 10.6 - Authenticated (Admin+) Stored Cross-Site Scripting | wpdevelop | Booking Calendar | Medium | 4.4 | 2024-10-04 06:48:40 | Deep Dive |