| CVE-2025-32299 | WordPress QuickCal plugin <= 1.0.15 - Sensitive Data Exposure Vulnerability | Themovation | QuickCal - Appointment Booking Calendar for WordPress | Medium | 4.3 | 2025-05-16 15:45:30 | Deep Dive |
| CVE-2025-32310 | WordPress QuickCal plugin <= 1.0.15 - CSRF to Privilege Escalation vulnerability | ThemeMove | QuickCal - Appointment Booking Calendar for WordPress | High | 8.8 | 2025-05-16 15:45:28 | Deep Dive |
| CVE-2025-46247 | WordPress Appointment Booking Calendar plugin <= 1.3.92 - Broken Access Control Vulnerability | codepeople | Appointment Booking Calendar | Medium | 5.3 | 2025-04-22 09:53:32 | Deep Dive |
| CVE-2025-46241 | WordPress Appointment Booking Calendar plugin <= 1.3.92 - CSRF to SQL Injection vulnerability | codepeople | Appointment Booking Calendar | High | 8.2 | 2025-04-22 09:53:28 | Deep Dive |
| CVE-2025-1119 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.3 | 2025-03-13 06:56:57 | Deep Dive |
| CVE-2024-13431 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site Scripting | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.1 | 2025-03-07 08:21:28 | Deep Dive |
| CVE-2025-23526 | WordPress Swift Calendar Online Appointment Scheduling plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability | SwiftCloud | Swift Calendar Online Appointment Scheduling | High | 7.1 | 2025-03-03 13:30:10 | Deep Dive |
| CVE-2024-12274 | BookingPress < 1.1.23 - Unauthenticated Export File Download | Unknown | Appointment Booking Calendar Plugin and Scheduling Plugin | 高危 | - | 2025-01-13 06:00:01 | Deep Dive |
| CVE-2024-12077 | Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id' | wpdevart | Booking calendar, Appointment Booking System | Medium | 6.1 | 2025-01-07 07:22:34 | Deep Dive |
| CVE-2024-10856 | Booking Calendar WpDevArt <= 3.2.19 - Authenticated (Contributor+) SQL Injection | wpdevart | Booking calendar, Appointment Booking System | Medium | 6.5 | 2024-12-24 11:09:51 | Deep Dive |
| CVE-2024-11726 | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | Medium | 6.5 | 2024-12-24 11:09:50 | Deep Dive |
| CVE-2024-11275 | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion | arraytics | Timetics – Appointment Booking & Scheduling | Medium | 4.3 | 2024-12-13 08:24:52 | Deep Dive |
| CVE-2023-24407 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Broken Access Control vulnerability | wpdevart | Booking calendar, Appointment Booking System | Medium | 5.0 | 2024-12-09 11:31:40 | Deep Dive |
| CVE-2024-9504 | Booking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload | wpdevart | Booking calendar, Appointment Booking System | High | 7.2 | 2024-11-26 07:31:31 | Deep Dive |
| CVE-2024-7877 | Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS | Unknown | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | - | - | 2024-11-05 06:00:08 | Deep Dive |
| CVE-2024-7876 | Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS | Unknown | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | - | - | 2024-11-05 06:00:07 | Deep Dive |
| CVE-2024-10540 | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | Medium | 5.3 | 2024-11-02 02:03:08 | Deep Dive |
| CVE-2024-9263 | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover | arraytics | Timetics – Appointment Booking & Scheduling | Critical | 9.8 | 2024-10-17 03:32:49 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-8432 | Appointment & Event Booking Calendar Plugin – Webba Booking <= 5.0.48 - Missing Authorization to Authenticated (Subscriber+) CSS Settings Update | webba-agency | Easy Appointment Booking & Scheduling System – Webba Booking Calendar | Medium | 4.3 | 2024-09-24 01:56:45 | Deep Dive |