| CVE-2025-24723 | WordPress Booking Calendar Contact Form Plugin <= 1.2.55 - Stored Cross Site Scripting (XSS) vulnerability | codepeople | Booking Calendar Contact Form | Medium | 5.9 | 2025-01-24 17:25:13 | Deep Dive |
| CVE-2025-22719 | WordPress VikAppointments Services Booking Calendar plugin <= 1.2.16 - CSRF to Stored XSS vulnerability | e4jvikwp | VikAppointments Services Booking Calendar | High | 7.1 | 2025-01-21 13:57:35 | Deep Dive |
| CVE-2024-13323 | Booking Calendar <= 10.9.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode | wpdevelop | Booking Calendar | Medium | 6.4 | 2025-01-14 05:24:39 | Deep Dive |
| CVE-2024-12274 | BookingPress < 1.1.23 - Unauthenticated Export File Download | Unknown | Appointment Booking Calendar Plugin and Scheduling Plugin | 高危 | - | 2025-01-13 06:00:01 | Deep Dive |
| CVE-2024-12077 | Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id' | wpdevart | Booking calendar, Appointment Booking System | Medium | 6.1 | 2025-01-07 07:22:34 | Deep Dive |
| CVE-2024-10856 | Booking Calendar WpDevArt <= 3.2.19 - Authenticated (Contributor+) SQL Injection | wpdevart | Booking calendar, Appointment Booking System | Medium | 6.5 | 2024-12-24 11:09:51 | Deep Dive |
| CVE-2024-11726 | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | Medium | 6.5 | 2024-12-24 11:09:50 | Deep Dive |
| CVE-2024-54356 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 5.4 | 2024-12-16 14:14:13 | Deep Dive |
| CVE-2024-11855 | Koalendar – Events & Appointments Booking Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter | koalendar | Koalendar – Easy Appointment Scheduling & Booking Plugin | Medium | 6.4 | 2024-12-14 04:23:46 | Deep Dive |
| CVE-2024-11275 | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion | arraytics | Timetics – Appointment Booking & Scheduling | Medium | 4.3 | 2024-12-13 08:24:52 | Deep Dive |
| CVE-2023-24407 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Broken Access Control vulnerability | wpdevart | Booking calendar, Appointment Booking System | Medium | 5.0 | 2024-12-09 11:31:40 | Deep Dive |
| CVE-2023-25037 | WordPress Booking Calendar Contact Form plugin <= 1.2.34 - Broken Access Control vulnerability | codepeople | Booking Calendar Contact Form | Medium | 4.3 | 2024-12-09 11:31:38 | Deep Dive |
| CVE-2024-9872 | Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 5.4 | 2024-12-06 08:24:55 | Deep Dive |
| CVE-2024-10893 | WP Booking Calendar < 10.6.5 - Admin+ Stored XSS | Unknown | WP Booking Calendar | 中危 | - | 2024-12-03 06:00:04 | Deep Dive |
| CVE-2024-9504 | Booking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload | wpdevart | Booking calendar, Appointment Booking System | High | 7.2 | 2024-11-26 07:31:31 | Deep Dive |
| CVE-2024-51873 | WordPress Multi-day Booking Calendar plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | Masashi Takizawa | Multi-day Booking Calendar | Medium | 6.5 | 2024-11-19 16:31:22 | Deep Dive |
| CVE-2024-10027 | WP Booking Calendar < 10.6.3 - Admin+ Stored XSS | Unknown | WP Booking Calendar | - | - | 2024-11-07 06:00:06 | Deep Dive |
| CVE-2024-7877 | Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS | Unknown | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | - | - | 2024-11-05 06:00:08 | Deep Dive |
| CVE-2024-7876 | Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS | Unknown | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | - | - | 2024-11-05 06:00:07 | Deep Dive |
| CVE-2024-10540 | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | Medium | 5.3 | 2024-11-02 02:03:08 | Deep Dive |