| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-13369 | Tour Master - Tour Booking, Travel, Hotel <= 5.3.7 - Authenticated (Subscriber+) SQL Injection via review_id Parameter | GoodLayers | Tour Master - Tour Booking, Travel, Hotel | Medium | 6.5 | 2025-02-18 09:21:16 | Deep Dive |
| CVE-2024-13677 | GetBookingsWp - Appointments & Bookings Plugin Basic Version <= 1.1.27 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | istmoplugins | GetBookingsWP – Appointments Booking Calendar Plugin For WordPress | High | 8.8 | 2025-02-18 04:21:20 | Deep Dive |
| CVE-2025-23653 | WordPress Form To Online Booking plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | Nabeel Tahir | Form To Online Booking | High | 7.1 | 2025-02-14 12:44:31 | Deep Dive |
| CVE-2024-13821 | WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation | wpdevelop | Booking Calendar | Medium | 5.3 | 2025-02-12 07:35:38 | Deep Dive |
| CVE-2024-11134 | Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 4.3 | 2025-02-03 19:22:49 | Deep Dive |
| CVE-2024-11132 | Eventer <= 3.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 6.4 | 2025-02-03 19:22:49 | Deep Dive |
| CVE-2024-11133 | Eventer <= 3.9.9.5 - Missing Authorization to Unauthenticated Event Ticket Download | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 5.3 | 2025-02-03 19:22:44 | Deep Dive |
| CVE-2025-24661 | WordPress Taxi Booking Manager for WooCommerce plugin <= 1.1.8 - PHP Object Injection vulnerability | magepeopleteam | Taxi Booking Manager for WooCommerce | High | 8.8 | 2025-02-03 14:23:54 | Deep Dive |
| CVE-2025-22684 | WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability | Hakan Ozevin | WP BASE Booking | High | 7.1 | 2025-02-03 14:23:52 | Deep Dive |
| CVE-2025-24560 | WordPress Awesome Event Booking plugin <= 2.7.1 - Reflected Cross Site Scripting (XSS) vulnerability | AwesomeTOGI | Awesome Event Booking | High | 7.1 | 2025-01-31 08:24:40 | Deep Dive |
| CVE-2025-22720 | WordPress WpRently \| WordPress plugin plugin <= 2.2.1 - Broken Access Control vulnerability | magepeopleteam | Booking and Rental Manager | Medium | 5.8 | 2025-01-31 08:23:55 | Deep Dive |
| CVE-2024-13380 | Alex Reservations: Smart Restaurant Booking <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | alexreservations | Alex Reservations: Smart Restaurant Booking | Medium | 6.4 | 2025-01-30 12:22:27 | Deep Dive |
| CVE-2024-11135 | Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees | imithemes | Eventer - WordPress Event & Booking Manager Plugin | High | 7.5 | 2025-01-28 04:21:33 | Deep Dive |
| CVE-2024-11641 | VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload | e4jvikwp | VikBooking Hotel Booking Engine & PMS | High | 8.8 | 2025-01-26 11:09:45 | Deep Dive |
| CVE-2025-24723 | WordPress Booking Calendar Contact Form Plugin <= 1.2.55 - Stored Cross Site Scripting (XSS) vulnerability | codepeople | Booking Calendar Contact Form | Medium | 5.9 | 2025-01-24 17:25:13 | Deep Dive |
| CVE-2024-13447 | WP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval | thimpress | WP Hotel Booking | Medium | 4.3 | 2025-01-22 11:07:58 | Deep Dive |
| CVE-2025-22719 | WordPress VikAppointments Services Booking Calendar plugin <= 1.2.16 - CSRF to Stored XSS vulnerability | e4jvikwp | VikAppointments Services Booking Calendar | High | 7.1 | 2025-01-21 13:57:35 | Deep Dive |
| CVE-2024-12370 | WP Hotel Booking <= 2.1.5 - Missing Authorization | thimpress | WP Hotel Booking | Medium | 5.3 | 2025-01-17 08:25:38 | Deep Dive |
| CVE-2024-10799 | Eventer <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read | imithemes | Eventer - WordPress Event & Booking Manager Plugin | Medium | 6.5 | 2025-01-17 05:29:28 | Deep Dive |
| CVE-2025-23911 | WordPress Solidres – Hotel booking plugin for WordPress Plugin <= 0.9.4 - SQL Injection vulnerability | solidres | Solidres – Hotel booking plugin | High | 8.5 | 2025-01-16 20:07:49 | Deep Dive |