| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-54373 | WordPress EduAdmin Booking plugin <= 5.2.0 - Local File Inclusion vulnerability | Chris Gardenberg | EduAdmin Booking | High | 7.5 | 2024-12-16 14:13:38 | Deep Dive |
| CVE-2024-11855 | Koalendar – Events & Appointments Booking Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter | koalendar | Koalendar – Easy Appointment Scheduling & Booking Plugin | Medium | 6.4 | 2024-12-14 04:23:46 | Deep Dive |
| CVE-2024-54252 | WordPress Pinpoint Booking System Plugin <= 2.9.9.5.7 - Broken Access Control vulnerability | DOTonPAPER | Pinpoint Booking System | Medium | 6.3 | 2024-12-13 14:24:40 | Deep Dive |
| CVE-2023-32601 | WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.12 - Broken Access Control vulnerability | Deetronix | Booking Ultra Pro | Medium | 5.4 | 2024-12-13 14:23:27 | Deep Dive |
| CVE-2024-11275 | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion | arraytics | Timetics – Appointment Booking & Scheduling | Medium | 4.3 | 2024-12-13 08:24:52 | Deep Dive |
| CVE-2024-11754 | Booking System Trafft <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | ameliabooking | Booking System Trafft | Medium | 6.4 | 2024-12-13 08:24:50 | Deep Dive |
| CVE-2024-54220 | WordPress FAT Services Booking plugin <= 5.6 - Subscriber+ Site-Wide Cross Site Scripting (XSS) vulnerability | roninwp | FAT Services Booking | High | 7.1 | 2024-12-09 12:47:42 | Deep Dive |
| CVE-2023-23895 | WordPress WP Time Slots Booking Form plugin <= 1.1.82 - Broken Access Control vulnerability | codepeople | WP Time Slots Booking Form | Medium | 4.7 | 2024-12-09 11:31:44 | Deep Dive |
| CVE-2023-24407 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Broken Access Control vulnerability | wpdevart | Booking calendar, Appointment Booking System | Medium | 5.0 | 2024-12-09 11:31:40 | Deep Dive |
| CVE-2023-25037 | WordPress Booking Calendar Contact Form plugin <= 1.2.34 - Broken Access Control vulnerability | codepeople | Booking Calendar Contact Form | Medium | 4.3 | 2024-12-09 11:31:38 | Deep Dive |
| CVE-2023-49758 | WordPress WP Booking System plugin <= 2.0.19.2 - Broken Access Control vulnerability | Roland Murg | WP Booking System | 中危 | - | 2024-12-09 11:30:13 | Deep Dive |
| CVE-2024-53815 | WordPress Pinpoint Booking System plugin <= 2.9.9.5.2 - SQL Injection vulnerability | DOTonPAPER | Pinpoint Booking System | High | 8.5 | 2024-12-06 13:05:59 | Deep Dive |
| CVE-2024-9872 | Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 5.4 | 2024-12-06 08:24:55 | Deep Dive |
| CVE-2024-54221 | WordPress FAT Services Booking plugin <= 5.6 - Unauthenticated SQL Injection vulnerability | roninwp | FAT Services Booking | Critical | 9.3 | 2024-12-04 23:27:15 | Deep Dive |
| CVE-2024-10893 | WP Booking Calendar < 10.6.5 - Admin+ Stored XSS | Unknown | WP Booking Calendar | 中危 | - | 2024-12-03 06:00:04 | Deep Dive |
| CVE-2024-53753 | WordPress CultBooking Hotel Booking Engine plugin <= 2.1 - CSRF to Stored XSS vulnerability | CultBooking | CultBooking Hotel Booking Engine | High | 7.1 | 2024-12-02 13:48:36 | Deep Dive |
| CVE-2024-9504 | Booking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload | wpdevart | Booking calendar, Appointment Booking System | High | 7.2 | 2024-11-26 07:31:31 | Deep Dive |
| CVE-2024-10729 | Booking & Appointment Plugin for WooCommerce <= 6.9.0 - Authenticated (Subscriber+) Arbitrary Option Update | Tyche Softwares | Booking & Appointment Plugin for WooCommerce | High | 8.8 | 2024-11-26 02:06:34 | Deep Dive |
| CVE-2024-10606 | WP Travel Engine <= 6.2.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update | wptravelengine | WP Travel Engine – Tour Booking Plugin – Tour Operator Software | Medium | 4.3 | 2024-11-23 04:32:22 | Deep Dive |
| CVE-2024-10177 | Beds24 Online Booking <= 2.0.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via beds24-link Shortcode | markkinchin | Beds24 Online Booking | Medium | 6.4 | 2024-11-21 02:06:49 | Deep Dive |