| CVE-2024-9263 | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover | arraytics | Timetics – Appointment Booking & Scheduling | Critical | 9.8 | 2024-10-17 03:32:49 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-47638 | WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.6 - Reflected Cross Site Scripting (XSS) vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | High | 7.1 | 2024-10-05 13:03:22 | Deep Dive |
| CVE-2024-9306 | WP Booking Calendar <= 10.6 - Authenticated (Admin+) Stored Cross-Site Scripting | wpdevelop | Booking Calendar | Medium | 4.4 | 2024-10-04 06:48:40 | Deep Dive |
| CVE-2024-8671 | WooEvents <= 4.1.2 - Unauthenticated Arbitrary File Overwrite | Ex-Themes | WooEvents - Calendar and Event Booking | Critical | 9.1 | 2024-09-24 03:06:38 | Deep Dive |
| CVE-2024-8432 | Appointment & Event Booking Calendar Plugin – Webba Booking <= 5.0.48 - Missing Authorization to Authenticated (Subscriber+) CSS Settings Update | webba-agency | Easy Appointment Booking & Scheduling System – Webba Booking Calendar | Medium | 4.3 | 2024-09-24 01:56:45 | Deep Dive |
| CVE-2024-8797 | WP Booking System – Booking Calendar <= 2.0.19.8 - Reflected Cross-Site Scripting | murgroland | WP Booking System – Booking Calendar | Medium | 6.1 | 2024-09-14 05:40:43 | Deep Dive |
| CVE-2024-8663 | WP Simple Booking Calendar <= 2.0.10 - Reflected Cross-Site Scripting | murgroland | WP Simple Booking Calendar | Medium | 6.1 | 2024-09-13 06:47:30 | Deep Dive |
| CVE-2024-7129 | Appointment Booking Calendar < 1.6.7.43 - Admin+ Template Injection to RCE | Unknown | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | - | - | 2024-09-13 06:00:04 | Deep Dive |
| CVE-2024-6332 | Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.4 - Missing Authorization to Sensitive Information Exposure | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 6.5 | 2024-09-05 09:29:49 | Deep Dive |
| CVE-2024-8274 | WP Booking Calendar <= 10.5 - Reflected Cross-Site Scripting | wpdevelop | Booking Calendar | Medium | 6.1 | 2024-08-30 09:29:49 | Deep Dive |
| CVE-2024-6552 | Booking for Appointments and Events Calendar – Amelia <= 1.2 - Unauthenticated Full Path Disclosure | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 5.3 | 2024-08-08 03:30:46 | Deep Dive |
| CVE-2024-7350 | Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | Critical | 9.8 | 2024-08-08 02:32:07 | Deep Dive |
| CVE-2024-6930 | WP Booking Calendar <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode | wpdevelop | Booking Calendar | Medium | 6.4 | 2024-07-24 07:31:48 | Deep Dive |
| CVE-2024-37262 | WordPress Online Booking & Scheduling Calendar plugin <= 4.4.2 - Reflected Cross Site Scripting (XSS) vulnerability | vCita.com | Online Booking & Scheduling Calendar for WordPress by vcita | High | 7.1 | 2024-07-22 09:02:50 | Deep Dive |
| CVE-2024-6175 | Booking Ultra Pro <= 1.1.13 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Updates | deetronix | Booking Ultra Pro Appointments Booking Calendar Plugin | Medium | 5.4 | 2024-07-18 02:03:53 | Deep Dive |
| CVE-2024-6467 | BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | High | 8.8 | 2024-07-17 06:45:12 | Deep Dive |
| CVE-2024-6660 | BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | High | 8.8 | 2024-07-17 06:45:10 | Deep Dive |
| CVE-2024-37499 | WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.2 - Local File Inclusion vulnerability | vCita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 6.5 | 2024-07-09 11:55:34 | Deep Dive |
| CVE-2024-5791 | Appointment Booking and Online Scheduling <= 4.4.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | High | 7.2 | 2024-06-22 02:01:07 | Deep Dive |