| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-8549 | Simple Calendar – Google Calendar Plugin <= 3.4.2 - Reflected Cross-Site Scripting | simplecalendar | Simple Calendar – Google Calendar Plugin | Medium | 6.1 | 2024-09-25 02:05:02 | Deep Dive |
| CVE-2024-8432 | Appointment & Event Booking Calendar Plugin – Webba Booking <= 5.0.48 - Missing Authorization to Authenticated (Subscriber+) CSS Settings Update | webba-agency | Easy Appointment Booking & Scheduling System – Webba Booking Calendar | Medium | 4.3 | 2024-09-24 01:56:45 | Deep Dive |
| CVE-2024-7129 | Appointment Booking Calendar < 1.6.7.43 - Admin+ Template Injection to RCE | Unknown | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | - | - | 2024-09-13 06:00:04 | Deep Dive |
| CVE-2024-7350 | Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | Critical | 9.8 | 2024-08-08 02:32:07 | Deep Dive |
| CVE-2024-6175 | Booking Ultra Pro <= 1.1.13 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Updates | deetronix | Booking Ultra Pro Appointments Booking Calendar Plugin | Medium | 5.4 | 2024-07-18 02:03:53 | Deep Dive |
| CVE-2024-6467 | BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | High | 8.8 | 2024-07-17 06:45:12 | Deep Dive |
| CVE-2024-6660 | BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | High | 8.8 | 2024-07-17 06:45:10 | Deep Dive |
| CVE-2024-1094 | Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation | arraytics | Timetics – Appointment Booking & Scheduling | High | 7.3 | 2024-06-14 04:36:55 | Deep Dive |
| CVE-2024-4288 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.4 | 2024-05-16 11:05:29 | Deep Dive |
| CVE-2024-2341 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Subscriber+) SQL Injection | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 8.8 | 2024-04-09 18:59:30 | Deep Dive |
| CVE-2024-2342 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 8.8 | 2024-04-09 18:58:31 | Deep Dive |
| CVE-2024-3022 | BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | High | 7.2 | 2024-04-04 01:56:45 | Deep Dive |
| CVE-2024-1760 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.6.20 - Cross-Site Request Forgery to Plugin Data Reset | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 4.3 | 2024-03-06 05:33:23 | Deep Dive |
| CVE-2023-51354 | WordPress Webba Booking Plugin <= 4.5.33 is vulnerable to Cross Site Request Forgery (CSRF) | WebbaPlugins | Appointment & Event Booking Calendar Plugin – Webba Booking | Medium | 4.3 | 2023-12-29 12:23:41 | Deep Dive |
| CVE-2023-50841 | WordPress BookingPress Plugin <= 1.0.72 is vulnerable to SQL Injection | Repute Infosystems | BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin | High | 8.5 | 2023-12-28 18:37:41 | Deep Dive |
| CVE-2023-50851 | WordPress Simply Schedule Appointments Plugin < 1.6.6.1 is vulnerable to SQL Injection | N Squared | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.6 | 2023-12-28 11:28:30 | Deep Dive |
| CVE-2023-49151 | WordPress Google Calendar Events Plugin <= 3.2.6 is vulnerable to Cross Site Scripting (XSS) | Simple Calendar | Simple Calendar – Google Calendar Plugin | Medium | 6.5 | 2023-12-14 17:11:30 | Deep Dive |
| CVE-2023-36507 | WordPress BookingPress Plugin <= 1.0.64 is vulnerable to Sensitive Data Exposure | Repute Infosystems | BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin | Medium | 5.3 | 2023-11-30 15:26:48 | Deep Dive |
| CVE-2023-6219 | BookingPress <= 1.0.76 - Authenticated (Administrator+) Arbitrary File Upload | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | High | 7.2 | 2023-11-28 02:37:20 | Deep Dive |