| CVE-2024-2342 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 8.8 | 2024-04-09 18:58:31 | Deep Dive |
| CVE-2024-3022 | BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | High | 7.2 | 2024-04-04 01:56:45 | Deep Dive |
| CVE-2024-1274 | My Calendar < 3.4.24 - Authenticated Stored XSS | Unknown | My Calendar | - | - | 2024-04-02 05:15:42 | Deep Dive |
| CVE-2024-30561 | WordPress Appointment Calendar plugin <= 2.9.6 - Reflected Cross Site Scripting (XSS) vulnerability | Scientech It Solution | Appointment Calendar | High | 7.1 | 2024-03-31 19:38:03 | Deep Dive |
| CVE-2024-31117 | WordPress WooCommerce Bookings Calendar plugin <= 1.0.36 - Cross Site Scripting (XSS) vulnerability | Moises Heberle | WooCommerce Bookings Calendar | Medium | 6.5 | 2024-03-31 18:51:17 | Deep Dive |
| CVE-2024-30427 | WordPress Spiffy Calendar plugin <= 4.9.7 - Cross Site Scripting (XSS) vulnerability | Spiffy Plugins | Spiffy Calendar | High | 7.1 | 2024-03-29 13:22:56 | Deep Dive |
| CVE-2024-2110 | Events Manager <= 6.4.7.1 - Cross-Site Request Forgery | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 4.3 | 2024-03-28 02:04:11 | Deep Dive |
| CVE-2024-2111 | Events Manager <= 6.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 6.4 | 2024-03-28 02:04:07 | Deep Dive |
| CVE-2023-23991 | WordPress Booking Calendar plugin <= 9.4.3 - SQL Injection | WPdevelop / Oplugins | Booking Calendar | High | 7.6 | 2024-03-26 08:56:12 | Deep Dive |
| CVE-2024-0856 | Booking Calendar < 1.3.83 - CSRF appointment scheduling | Unknown | Appointment Booking Calendar | - | - | 2024-03-20 05:00:03 | Deep Dive |
| CVE-2023-51525 | WordPress WP Simple Booking Calendar plugin <= 2.0.8.4 - Cross Site Request Forgery (CSRF) vulnerability | Roland Murg | WP Simple Booking Calendar | Medium | 4.3 | 2024-03-15 14:06:37 | Deep Dive |
| CVE-2024-25916 | WordPress My Calendar plugin <= 3.4.23 - Cross Site Scripting (XSS) vulnerability | Joseph C Dolson | My Calendar | Medium | 6.5 | 2024-03-15 13:05:03 | Deep Dive |
| CVE-2024-1126 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 4.3 | 2024-03-13 15:27:17 | Deep Dive |
| CVE-2024-1321 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 5.3 | 2024-03-13 15:26:57 | Deep Dive |
| CVE-2024-0614 | Events Manager <= 6.4.6.4 - Authenticated(Administator+) Stored Cross-Site Scripting via settings | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 4.4 | 2024-03-13 15:26:52 | Deep Dive |
| CVE-2024-0976 | WP Event Manager <= 3.1.41 - Reflected Cross-Site Scripting via plugin | wpeventmanager | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | Medium | 6.1 | 2024-03-13 15:26:48 | Deep Dive |
| CVE-2024-1484 | Booking for Appointments and Events Calendar – Amelia <= 1.0.98 - Reflected Cross-Site Scripting | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 6.1 | 2024-03-13 15:26:45 | Deep Dive |
| CVE-2024-1127 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 4.3 | 2024-03-13 15:26:44 | Deep Dive |
| CVE-2024-1125 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 5.4 | 2024-03-09 07:01:10 | Deep Dive |
| CVE-2024-1320 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Unauthenticated Stored Cross-Site Scripting | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 6.5 | 2024-03-09 07:01:10 | Deep Dive |