Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Vulnerability List - Page 4

Clear Filters
Found 193 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2025-4796 Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover arrayticsEventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) High 8.8 2025-08-08 18:26:27 Deep Dive
CVE-2025-7689 Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback Function themeficHydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings High 8.8 2025-07-29 09:23:46 Deep Dive
CVE-2025-48231 WordPress Booking Calendar Contact Form plugin <= 1.2.58 - Cross Site Scripting (XSS) Vulnerability codepeopleBooking Calendar Contact Form Medium 6.5 2025-07-04 11:18:03 Deep Dive
CVE-2025-6814 Booking X 1.0 - 1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via export_now() Function dunskiiBooking X – Appointment and Reservation Availability Calendar High 7.5 2025-07-04 01:44:04 Deep Dive
CVE-2025-4667 Simply Schedule Appointments <= 1.6.8.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes croixhaugAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin Medium 6.4 2025-06-14 09:23:34 Deep Dive
CVE-2025-4669 Booking Calendar <= 10.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpbc Shortcode wpdevelopBooking Calendar Medium 6.4 2025-05-17 11:17:17 Deep Dive
CVE-2025-32299 WordPress QuickCal plugin <= 1.0.15 - Sensitive Data Exposure Vulnerability ThemovationQuickCal - Appointment Booking Calendar for WordPress Medium 4.3 2025-05-16 15:45:30 Deep Dive
CVE-2025-32310 WordPress QuickCal plugin <= 1.0.15 - CSRF to Privilege Escalation vulnerability ThemeMoveQuickCal - Appointment Booking Calendar for WordPress High 8.8 2025-05-16 15:45:28 Deep Dive
CVE-2025-3769 Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference latepointLatePoint – Calendar Booking Plugin for Appointments and Events Medium 5.3 2025-05-14 11:12:26 Deep Dive
CVE-2025-46247 WordPress Appointment Booking Calendar plugin <= 1.3.92 - Broken Access Control Vulnerability codepeopleAppointment Booking Calendar Medium 5.3 2025-04-22 09:53:32 Deep Dive
CVE-2025-46241 WordPress Appointment Booking Calendar plugin <= 1.3.92 - CSRF to SQL Injection vulnerability codepeopleAppointment Booking Calendar High 8.2 2025-04-22 09:53:28 Deep Dive
CVE-2025-32238 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Sensitive Data Exposure vulnerability vcitaOnline Booking & Scheduling Calendar for WordPress by vcita Medium 4.3 2025-04-04 15:59:22 Deep Dive
CVE-2025-31381 WordPress Booking Calendar and Notification plugin <= 4.0.3 - Broken Authentication vulnerability shiptrackBooking Calendar and Notification Medium 6.5 2025-04-04 13:44:44 Deep Dive
CVE-2025-31403 WordPress Booking Calendar and Notification plugin <= 4.0.3 - SQL Injection vulnerability shiptrackBooking Calendar and Notification Critical 9.3 2025-04-04 13:34:43 Deep Dive
CVE-2025-2578 Booking for Appointments and Events Calendar – Amelia <= 1.2.19 - Unauthenticated Full Path Disclosure ameliabookingBooking for Appointments and Events Calendar – Amelia Medium 5.3 2025-03-28 07:33:04 Deep Dive
CVE-2025-1119 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution croixhaugAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin High 7.3 2025-03-13 06:56:57 Deep Dive
CVE-2024-13431 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site Scripting croixhaugAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin Medium 6.1 2025-03-07 08:21:28 Deep Dive
CVE-2024-13746 Booking Calendar and Notification <= 4.0.3 - Missing Authorization via wpcb_all_bookings, wpcb_update_booking_post, and wpcb_delete_posts Functions imznarfBooking Calendar and Notification Medium 6.5 2025-03-01 04:21:49 Deep Dive
CVE-2024-13677 GetBookingsWp - Appointments & Bookings Plugin Basic Version <= 1.1.27 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover istmopluginsGetBookingsWP – Appointments Booking Calendar Plugin For WordPress High 8.8 2025-02-18 04:21:20 Deep Dive
CVE-2024-13821 WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation wpdevelopBooking Calendar Medium 5.3 2025-02-12 07:35:38 Deep Dive