| CVE-2024-35761 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.4.0 - Cross Site Scripting (XSS) vulnerability | vCita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 6.5 | 2024-06-21 12:38:39 | Deep Dive |
| CVE-2024-5859 | Appointment Booking and Online Scheduling <= 4.4.2 - Reflected Cross-Site Scripting | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 6.1 | 2024-06-21 08:39:43 | Deep Dive |
| CVE-2024-6225 | Amelia <= 1.1.5 & Amelia (Pro) <= 7.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 4.4 | 2024-06-21 07:39:57 | Deep Dive |
| CVE-2024-1094 | Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation | arraytics | Timetics – Appointment Booking & Scheduling | High | 7.3 | 2024-06-14 04:36:55 | Deep Dive |
| CVE-2023-24373 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability | WpDevArt | Booking calendar, Appointment Booking System | Low | 3.7 | 2024-06-03 21:35:58 | Deep Dive |
| CVE-2024-4288 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.4 | 2024-05-16 11:05:29 | Deep Dive |
| CVE-2024-2341 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Subscriber+) SQL Injection | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 8.8 | 2024-04-09 18:59:30 | Deep Dive |
| CVE-2024-2342 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 8.8 | 2024-04-09 18:58:31 | Deep Dive |
| CVE-2024-3022 | BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | High | 7.2 | 2024-04-04 01:56:45 | Deep Dive |
| CVE-2023-23991 | WordPress Booking Calendar plugin <= 9.4.3 - SQL Injection | WPdevelop / Oplugins | Booking Calendar | High | 7.6 | 2024-03-26 08:56:12 | Deep Dive |
| CVE-2024-0856 | Booking Calendar < 1.3.83 - CSRF appointment scheduling | Unknown | Appointment Booking Calendar | - | - | 2024-03-20 05:00:03 | Deep Dive |
| CVE-2023-51525 | WordPress WP Simple Booking Calendar plugin <= 2.0.8.4 - Cross Site Request Forgery (CSRF) vulnerability | Roland Murg | WP Simple Booking Calendar | Medium | 4.3 | 2024-03-15 14:06:37 | Deep Dive |
| CVE-2024-1484 | Booking for Appointments and Events Calendar – Amelia <= 1.0.98 - Reflected Cross-Site Scripting | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 6.1 | 2024-03-13 15:26:45 | Deep Dive |
| CVE-2024-1760 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.6.20 - Cross-Site Request Forgery to Plugin Data Reset | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 4.3 | 2024-03-06 05:33:23 | Deep Dive |
| CVE-2024-1207 | Booking Calendar <= 9.9 - Unauthenticated SQL Injection | wpdevelop | Booking Calendar | Critical | 9.8 | 2024-02-08 08:32:08 | Deep Dive |
| CVE-2023-6808 | Booking for Appointments and Events Calendar – Amelia <= 1.0.93 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 6.4 | 2024-02-05 21:21:57 | Deep Dive |
| CVE-2023-51520 | WordPress Booking Calendar Plugin < 9.7.4 is vulnerable to Cross Site Scripting (XSS) | WPdevelop / Oplugins | WP Booking Calendar | Medium | 6.5 | 2024-02-01 11:14:46 | Deep Dive |
| CVE-2023-51354 | WordPress Webba Booking Plugin <= 4.5.33 is vulnerable to Cross Site Request Forgery (CSRF) | WebbaPlugins | Appointment & Event Booking Calendar Plugin – Webba Booking | Medium | 4.3 | 2023-12-29 12:23:41 | Deep Dive |
| CVE-2023-50841 | WordPress BookingPress Plugin <= 1.0.72 is vulnerable to SQL Injection | Repute Infosystems | BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin | High | 8.5 | 2023-12-28 18:37:41 | Deep Dive |
| CVE-2023-50852 | WordPress BookIt Plugin <= 2.4.3 is vulnerable to SQL Injection | StylemixThemes | Booking Calendar | Appointment Booking | BookIt | High | 7.6 | 2023-12-28 11:30:57 | Deep Dive |