| CVE-2025-22785 | WordPress Course Booking System plugin <= 6.0.6 - SQL Injection vulnerability | ComMotion | Course Booking System | Critical | 9.3 | 2025-01-15 15:23:11 | Deep Dive |
| CVE-2024-13323 | Booking Calendar <= 10.9.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode | wpdevelop | Booking Calendar | Medium | 6.4 | 2025-01-14 05:24:39 | Deep Dive |
| CVE-2024-11396 | Event monster <= 1.4.3 - Information Exposure Via Visitors List Export | awordpresslife | Event Monster – Manager & Ticket Booking | Medium | 5.3 | 2025-01-13 23:21:40 | Deep Dive |
| CVE-2024-12274 | BookingPress < 1.1.23 - Unauthenticated Export File Download | Unknown | Appointment Booking Calendar Plugin and Scheduling Plugin | High | - | 2025-01-13 06:00:01 | Deep Dive |
| CVE-2024-12412 | Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently \| WordPress plugin <= 2.2.1 - Reflected Cross-Site Scripting | magepeopleteam | Booking and Rental Manager for Bike \| Car \| Resort \| Appointment \| Dress \| Equipment | Medium | 6.1 | 2025-01-11 07:21:53 | Deep Dive |
| CVE-2024-12067 | WP Travel – Ultimate Travel Booking System, Tour Management Engine <= 10.0.0 - Authenticated (Subscriber+) SQL Injection | wptravel | WP Travel – Ultimate Travel Booking System, Tour Management Engine | Medium | 6.5 | 2025-01-09 11:10:58 | Deep Dive |
| CVE-2024-49294 | WordPress WpBusTicketly plugin <= 5.4.3 - Cross Site Request Forgery (CSRF) vulnerability | magepeopleteam | Bus Ticket Booking with Seat Reservation | Medium | 4.3 | 2025-01-07 10:49:34 | Deep Dive |
| CVE-2024-12077 | Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id' | wpdevart | Booking calendar, Appointment Booking System | Medium | 6.1 | 2025-01-07 07:22:34 | Deep Dive |
| CVE-2024-12462 | YOGO Booking <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | andersyogo | YOGO Booking | Medium | 6.4 | 2025-01-07 04:21:56 | Deep Dive |
| CVE-2023-45649 | WordPress Appointment Hour Booking plugin <= 1.4.23 - Broken Access Control vulnerability | codepeople | Appointment Hour Booking | Medium | - | 2025-01-02 11:59:53 | Deep Dive |
| CVE-2024-12272 | WP Travel Engine – Elementor Widgets \| Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion | wptravelengine | WP Travel Engine – Elementor Widgets \| Create Travel Booking Website Using WordPress and Elementor | High | 8.8 | 2024-12-25 03:21:32 | Deep Dive |
| CVE-2024-12032 | Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin \| WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection | themefic | Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin | Medium | 6.5 | 2024-12-25 03:21:31 | Deep Dive |
| CVE-2024-10856 | Booking Calendar WpDevArt <= 3.2.19 - Authenticated (Contributor+) SQL Injection | wpdevart | Booking calendar, Appointment Booking System | Medium | 6.5 | 2024-12-24 11:09:51 | Deep Dive |
| CVE-2024-11726 | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | Medium | 6.5 | 2024-12-24 11:09:50 | Deep Dive |
| CVE-2024-12558 | WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db | puckrobin | WP BASE Booking of Appointments, Services and Events | Medium | 6.5 | 2024-12-21 09:23:54 | Deep Dive |
| CVE-2024-11912 | Traveler <= 3.1.6 - Unauthenticated SQL Injection via order_id | ShineTheme | Travel Booking WordPress Theme | High | 7.5 | 2024-12-18 11:09:32 | Deep Dive |
| CVE-2024-11926 | Traveler <= 3.1.6 - Missing Authorization in Several AJAX Actions | ShineTheme | Travel Booking WordPress Theme | Medium | 6.5 | 2024-12-18 11:09:31 | Deep Dive |
| CVE-2024-12469 | WP BASE Booking of Appointments, Services and Events <= 4.9.1 - Reflected Cross-Site Scripting via status Parameter | puckrobin | WP BASE Booking of Appointments, Services and Events | Medium | 6.1 | 2024-12-17 09:22:42 | Deep Dive |
| CVE-2024-54356 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 5.4 | 2024-12-16 14:14:13 | Deep Dive |
| CVE-2024-54433 | WordPress Simple Booking – Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability | Marcel CL | Simple Booking Widget | High | 7.1 | 2024-12-16 14:13:45 | Deep Dive |