| CVE-2025-13756 | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management | techjewel | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution | Medium | 4.3 | 2025-12-03 13:52:45 | Deep Dive |
| CVE-2025-13318 | Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter | codepeople | Booking Calendar Contact Form | Medium | 5.3 | 2025-11-22 08:30:30 | Deep Dive |
| CVE-2025-13317 | Appointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter | codepeople | Appointment Booking Calendar | Medium | 5.3 | 2025-11-22 07:29:19 | Deep Dive |
| CVE-2025-12482 | Booking for Appointments and Events Calendar – Amelia <= 1.2.35 - Unauthenticated SQL Injection via search | ameliabooking | Booking for Appointments and Events Calendar – Amelia | High | 7.5 | 2025-11-16 04:17:30 | Deep Dive |
| CVE-2025-64381 | WordPress Booking Calendar plugin <= 10.14.7 - Cross Site Scripting (XSS) vulnerability | wpdevelop | Booking Calendar | 中危 | - | 2025-11-13 09:24:35 | Deep Dive |
| CVE-2025-64261 | WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability | codepeople | Appointment Booking Calendar | Medium | 5.4 | 2025-11-13 09:24:27 | Deep Dive |
| CVE-2025-12633 | Booking Calendar | Appointment Booking | Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Stripe Connection | stellarwp | Bookit — Booking & Appointment Calendar | High | 7.5 | 2025-11-12 07:27:41 | Deep Dive |
| CVE-2025-12788 | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Missing Payment Verification to Unauthenticated Payment Bypass | themefic | Hydra Booking — Appointment Scheduling & Booking Calendar | Medium | 5.3 | 2025-11-11 11:03:46 | Deep Dive |
| CVE-2025-12787 | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation | themefic | Hydra Booking — Appointment Scheduling & Booking Calendar | Medium | 5.3 | 2025-11-11 11:03:45 | Deep Dive |
| CVE-2025-7038 | LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 8.2 | 2025-09-30 04:27:08 | Deep Dive |
| CVE-2025-7052 | LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 8.8 | 2025-09-30 04:27:08 | Deep Dive |
| CVE-2025-6941 | LatePoint <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.4 | 2025-09-30 04:27:07 | Deep Dive |
| CVE-2025-6815 | LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.5 | 2025-09-30 04:27:06 | Deep Dive |
| CVE-2025-39541 | WordPress WP Simple Booking Calendar plugin <= 2.0.13 - Broken Access Control vulnerability | Roland Murg | WP Simple Booking Calendar | Medium | 6.5 | 2025-09-09 16:25:30 | Deep Dive |
| CVE-2025-9346 | Booking Calendar <= 10.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevelop | Booking Calendar | Medium | 6.4 | 2025-08-28 03:42:45 | Deep Dive |
| CVE-2025-7813 | Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.2 | 2025-08-23 05:48:20 | Deep Dive |
| CVE-2025-54677 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.5.3 - Arbitrary File Upload Vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Critical | 9.1 | 2025-08-20 08:02:52 | Deep Dive |
| CVE-2025-54676 | WordPress Online Booking & Scheduling Calendar for by vcita Plugin plugin <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 6.5 | 2025-08-14 10:34:42 | Deep Dive |
| CVE-2025-52730 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability | themefunction | WordPress Event Manager, Event Calendar and Booking Plugin | Medium | 6.5 | 2025-08-14 10:34:02 | Deep Dive |
| CVE-2025-52731 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability | themefunction | WordPress Event Manager, Event Calendar and Booking Plugin | High | 7.5 | 2025-08-14 10:34:01 | Deep Dive |