| CVE-2025-13754 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 5.3 | 2025-12-19 06:48:22 | Deep Dive |
| CVE-2025-12976 | Events Manager <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 6.4 | 2025-12-18 07:20:46 | Deep Dive |
| CVE-2025-14383 | Booking Calendar <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check | wpdevelop | Booking Calendar | High | 7.5 | 2025-12-15 14:25:12 | Deep Dive |
| CVE-2025-12408 | Events Manager <= 7.2.2.2 - Unauthenticated Information Exposure | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 5.3 | 2025-12-12 11:15:51 | Deep Dive |
| CVE-2025-12407 | Events Manager – Calendar, Bookings, Tickets, and more! <= 7.2.2.2 - Cross-Site Request Forgery to Location Deletion | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 4.3 | 2025-12-12 11:15:51 | Deep Dive |
| CVE-2025-67592 | WordPress My Calendar plugin <= 3.6.16 - Broken Access Control vulnerability | Joe Dolson | My Calendar | Medium | 4.3 | 2025-12-09 14:14:18 | Deep Dive |
| CVE-2025-67574 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.30 - Broken Access Control vulnerability | wpdevart | Booking calendar, Appointment Booking System | Medium | 5.3 | 2025-12-09 14:14:14 | Deep Dive |
| CVE-2025-67559 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Broken Access Control vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 5.4 | 2025-12-09 14:14:09 | Deep Dive |
| CVE-2025-67472 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Cross Site Request Forgery (CSRF) vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 4.3 | 2025-12-09 14:13:57 | Deep Dive |
| CVE-2025-12804 | Booking Calendar <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode | wpdevelop | Booking Calendar | Medium | 6.4 | 2025-12-05 01:55:22 | Deep Dive |
| CVE-2025-13756 | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management | techjewel | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution | Medium | 4.3 | 2025-12-03 13:52:45 | Deep Dive |
| CVE-2025-13318 | Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter | codepeople | Booking Calendar Contact Form | Medium | 5.3 | 2025-11-22 08:30:30 | Deep Dive |
| CVE-2025-13317 | Appointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter | codepeople | Appointment Booking Calendar | Medium | 5.3 | 2025-11-22 07:29:19 | Deep Dive |
| CVE-2025-12482 | Booking for Appointments and Events Calendar – Amelia <= 1.2.35 - Unauthenticated SQL Injection via search | ameliabooking | Booking for Appointments and Events Calendar – Amelia | High | 7.5 | 2025-11-16 04:17:30 | Deep Dive |
| CVE-2025-64381 | WordPress Booking Calendar plugin <= 10.14.7 - Cross Site Scripting (XSS) vulnerability | wpdevelop | Booking Calendar | 中危 | - | 2025-11-13 09:24:35 | Deep Dive |
| CVE-2025-64261 | WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability | codepeople | Appointment Booking Calendar | Medium | 5.4 | 2025-11-13 09:24:27 | Deep Dive |
| CVE-2025-12633 | Booking Calendar | Appointment Booking | Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Stripe Connection | stellarwp | Bookit — Booking & Appointment Calendar | High | 7.5 | 2025-11-12 07:27:41 | Deep Dive |
| CVE-2025-12788 | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Missing Payment Verification to Unauthenticated Payment Bypass | themefic | Hydra Booking — Appointment Scheduling & Booking Calendar | Medium | 5.3 | 2025-11-11 11:03:46 | Deep Dive |
| CVE-2025-12787 | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation | themefic | Hydra Booking — Appointment Scheduling & Booking Calendar | Medium | 5.3 | 2025-11-11 11:03:45 | Deep Dive |
| CVE-2025-12813 | Holiday class post calendar <= 7.1 - Unauthenticated Remote Code Execution via 'contents' | strix-bubol5 | Holiday class post calendar | Critical | 9.8 | 2025-11-11 03:30:43 | Deep Dive |