| CVE-2026-2230 | Booking Calendar <= 10.14.14 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification | wpdevelop | Booking Calendar | Medium | 4.3 | 2026-02-18 16:28:15 | Deep Dive |
| CVE-2025-14873 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request Forgery | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 4.3 | 2026-02-14 06:42:27 | Deep Dive |
| CVE-2026-1932 | Appointment Booking Calendar Plugin <= 1.0.2 - Missing Authorization to Unauthenticated Arbitrary Appointment Status Modification | bssoftware | Appointment Booking Calendar Plugin – Bookr | Medium | 5.3 | 2026-02-14 05:54:12 | Deep Dive |
| CVE-2026-1537 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.3 | 2026-02-12 02:23:25 | Deep Dive |
| CVE-2026-0617 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Unauthenticated Stored Cross-Site Scripting | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 7.2 | 2026-02-03 06:38:02 | Deep Dive |
| CVE-2026-1431 | Booking Calendar <= 10.14.13 - Missing Authorization to Unauthenticated Booking Details Exposure | wpdevelop | Booking Calendar | Medium | 5.3 | 2026-01-31 04:35:15 | Deep Dive |
| CVE-2026-1083 | Appointment Hour Booking – Booking Calendar <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration | codepeople | Appointment Hour Booking – Booking Calendar | Medium | 4.4 | 2026-01-28 05:30:19 | Deep Dive |
| CVE-2025-14982 | Booking Calendar <= 10.14.11 - Missing Authorization to Sensitive Information Exposure | wpdevelop | Booking Calendar | Medium | 4.3 | 2026-01-16 04:44:33 | Deep Dive |
| CVE-2025-12166 | Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-01-14 22:23:51 | Deep Dive |
| CVE-2025-14657 | Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.2 | 2026-01-09 07:22:13 | Deep Dive |
| CVE-2025-14146 | Booking Calendar <= 10.14.10 - Unauthenticated Sensitive Information Exposure | wpdevelop | Booking Calendar | Medium | 5.3 | 2026-01-09 07:22:10 | Deep Dive |
| CVE-2025-14720 | Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 5.3 | 2026-01-09 06:34:54 | Deep Dive |
| CVE-2025-5919 | Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification | arraytics | Timetics – Appointment Booking & Scheduling | Medium | 6.5 | 2026-01-06 08:21:50 | Deep Dive |
| CVE-2025-11723 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.5 | 2026-01-06 03:21:39 | Deep Dive |
| CVE-2025-13754 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 5.3 | 2025-12-19 06:48:22 | Deep Dive |
| CVE-2025-14383 | Booking Calendar <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check | wpdevelop | Booking Calendar | High | 7.5 | 2025-12-15 14:25:12 | Deep Dive |
| CVE-2025-67574 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.30 - Broken Access Control vulnerability | wpdevart | Booking calendar, Appointment Booking System | Medium | 5.3 | 2025-12-09 14:14:14 | Deep Dive |
| CVE-2025-67559 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Broken Access Control vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 5.4 | 2025-12-09 14:14:09 | Deep Dive |
| CVE-2025-67472 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Cross Site Request Forgery (CSRF) vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 4.3 | 2025-12-09 14:13:57 | Deep Dive |
| CVE-2025-12804 | Booking Calendar <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode | wpdevelop | Booking Calendar | Medium | 6.4 | 2025-12-05 01:55:22 | Deep Dive |