| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-10155 | PHPGurukul Boat Booking System Book a Boat Page book-boat.php cross site scripting | PHPGurukul | Boat Booking System | Low | 3.5 | 2024-10-19 20:31:06 | Deep Dive |
| CVE-2024-10154 | PHPGurukul Boat Booking System Check Booking Status Page status.php sql injection | PHPGurukul | Boat Booking System | Medium | 6.3 | 2024-10-19 18:31:05 | Deep Dive |
| CVE-2024-10153 | PHPGurukul Boat Booking System Book a Boat Page book-boat.php sql injection | PHPGurukul | Boat Booking System | Medium | 6.3 | 2024-10-19 18:00:09 | Deep Dive |
| CVE-2024-49304 | WordPress Pinpoint Booking System plugin <= 2.9.9.5.7 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | DOTonPAPER | Pinpoint Booking System | Medium | 5.4 | 2024-10-17 17:48:17 | Deep Dive |
| CVE-2024-9263 | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover | arraytics | Timetics – Appointment Booking & Scheduling | Critical | 9.8 | 2024-10-17 03:32:49 | Deep Dive |
| CVE-2024-49265 | WordPress Booking.com Banner Creator plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability | SPBooking.com | Booking.com Banner Creator | Medium | 6.5 | 2024-10-16 15:33:21 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-44037 | WordPress Multipurpose Ticket Booking Manager plugin <= 4.2.2 - Cross Site Scripting (XSS) vulnerability | magepeopleteam | Multipurpose Ticket Booking Manager | Medium | 5.9 | 2024-10-06 12:13:50 | Deep Dive |
| CVE-2024-47638 | WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.6 - Reflected Cross Site Scripting (XSS) vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | High | 7.1 | 2024-10-05 13:03:22 | Deep Dive |
| CVE-2024-47316 | WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability | Dimitri Grassi | Salon booking system | Medium | 4.3 | 2024-10-05 12:27:13 | Deep Dive |
| CVE-2024-9306 | WP Booking Calendar <= 10.6 - Authenticated (Admin+) Stored Cross-Site Scripting | wpdevelop | Booking Calendar | Medium | 4.4 | 2024-10-04 06:48:40 | Deep Dive |
| CVE-2024-7855 | WP Hotel Booking <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload | thimpress | WP Hotel Booking | High | 8.8 | 2024-10-02 04:31:18 | Deep Dive |
| CVE-2024-8671 | WooEvents <= 4.1.2 - Unauthenticated Arbitrary File Overwrite | Ex-Themes | WooEvents - Calendar and Event Booking | Critical | 9.1 | 2024-09-24 03:06:38 | Deep Dive |
| CVE-2024-8432 | Appointment & Event Booking Calendar Plugin – Webba Booking <= 5.0.48 - Missing Authorization to Authenticated (Subscriber+) CSS Settings Update | webba-agency | Easy Appointment Booking & Scheduling System – Webba Booking Calendar | Medium | 4.3 | 2024-09-24 01:56:45 | Deep Dive |
| CVE-2024-43985 | WordPress Bus Ticket Booking with Seat Reservation plugin <= 5.3.5 - Cross Site Scripting (XSS) vulnerability | MagePeople Team | Bus Ticket Booking with Seat Reservation | Medium | 5.9 | 2024-09-17 22:41:39 | Deep Dive |
| CVE-2024-8797 | WP Booking System – Booking Calendar <= 2.0.19.8 - Reflected Cross-Site Scripting | murgroland | WP Booking System – Booking Calendar | Medium | 6.1 | 2024-09-14 05:40:43 | Deep Dive |
| CVE-2024-8663 | WP Simple Booking Calendar <= 2.0.10 - Reflected Cross-Site Scripting | murgroland | WP Simple Booking Calendar | Medium | 6.1 | 2024-09-13 06:47:30 | Deep Dive |
| CVE-2024-7129 | Appointment Booking Calendar < 1.6.7.43 - Admin+ Template Injection to RCE | Unknown | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | - | - | 2024-09-13 06:00:04 | Deep Dive |
| CVE-2024-7112 | Pinpoint Booking System <= 2.9.9.5.0 - Authenticated (Subscriber+) SQL Injection | dotonpaper | Pinpoint Booking System – Version 2 | High | 8.8 | 2024-09-07 11:17:04 | Deep Dive |
| CVE-2024-6332 | Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.4 - Missing Authorization to Sensitive Information Exposure | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 6.5 | 2024-09-05 09:29:49 | Deep Dive |