| CVE-2025-6941 | LatePoint <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.4 | 2025-09-30 04:27:07 | Deep Dive |
| CVE-2025-6815 | LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.5 | 2025-09-30 04:27:06 | Deep Dive |
| CVE-2025-58862 | WordPress WordPress Events Calendar Plugin – connectDaily Plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability | George Sexton | WordPress Events Calendar Plugin – connectDaily | Medium | 6.5 | 2025-09-05 13:45:41 | Deep Dive |
| CVE-2025-7813 | Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.2 | 2025-08-23 05:48:20 | Deep Dive |
| CVE-2025-52730 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability | themefunction | WordPress Event Manager, Event Calendar and Booking Plugin | Medium | 6.5 | 2025-08-14 10:34:02 | Deep Dive |
| CVE-2025-52731 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability | themefunction | WordPress Event Manager, Event Calendar and Booking Plugin | High | 7.5 | 2025-08-14 10:34:01 | Deep Dive |
| CVE-2025-4667 | Simply Schedule Appointments <= 1.6.8.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.4 | 2025-06-14 09:23:34 | Deep Dive |
| CVE-2025-3527 | EventON - WordPress Virtual Event Calendar Plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | EventON | EventON (Pro) - WordPress Virtual Event Calendar Plugin | Medium | 6.4 | 2025-05-17 11:17:16 | Deep Dive |
| CVE-2025-3769 | Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.3 | 2025-05-14 11:12:26 | Deep Dive |
| CVE-2025-32597 | WordPress WordPress Events Calendar Plugin – connectDaily plugin <= 1.5.4 - CSRF to Cross-Site Scripting vulnerability | George Sexton | WordPress Events Calendar Plugin – connectDaily | High | 7.1 | 2025-04-09 16:09:30 | Deep Dive |
| CVE-2025-1119 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.3 | 2025-03-13 06:56:57 | Deep Dive |
| CVE-2024-13431 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site Scripting | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.1 | 2025-03-07 08:21:28 | Deep Dive |
| CVE-2024-13677 | GetBookingsWp - Appointments & Bookings Plugin Basic Version <= 1.1.27 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | istmoplugins | GetBookingsWP – Appointments Booking Calendar Plugin For WordPress | High | 8.8 | 2025-02-18 04:21:20 | Deep Dive |
| CVE-2024-12274 | BookingPress < 1.1.23 - Unauthenticated Export File Download | Unknown | Appointment Booking Calendar Plugin and Scheduling Plugin | 高危 | - | 2025-01-13 06:00:01 | Deep Dive |
| CVE-2024-11726 | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | Medium | 6.5 | 2024-12-24 11:09:50 | Deep Dive |
| CVE-2024-11275 | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion | arraytics | Timetics – Appointment Booking & Scheduling | Medium | 4.3 | 2024-12-13 08:24:52 | Deep Dive |
| CVE-2024-7877 | Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS | Unknown | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | - | - | 2024-11-05 06:00:08 | Deep Dive |
| CVE-2024-7876 | Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS | Unknown | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | - | - | 2024-11-05 06:00:07 | Deep Dive |
| CVE-2024-10540 | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | Medium | 5.3 | 2024-11-02 02:03:08 | Deep Dive |
| CVE-2024-9263 | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover | arraytics | Timetics – Appointment Booking & Scheduling | Critical | 9.8 | 2024-10-17 03:32:49 | Deep Dive |