Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Booking Calendar — Vulnerabilities & Security Advisories 22

All 22 CVE vulnerabilities found in Booking Calendar, with AI-generated Chinese analysis, references, and POCs.

Vendor: wpdevelop

CVE IDTitleCVSSSeverityPaused
CVE-2026-32358 WordPress Booking Calendar plugin <= 10.14.15 - SQL Injection vulnerability CWE-89 9.8 -2026-03-13
CVE-2026-2230 Booking Calendar <= 10.14.14 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification CWE-639 4.3 Medium2026-02-18
CVE-2026-1431 Booking Calendar <= 10.14.13 - Missing Authorization to Unauthenticated Booking Details Exposure CWE-862 5.3 Medium2026-01-31
CVE-2025-14982 Booking Calendar <= 10.14.11 - Missing Authorization to Sensitive Information Exposure CWE-862 4.3 Medium2026-01-16
CVE-2025-14146 Booking Calendar <= 10.14.10 - Unauthenticated Sensitive Information Exposure CWE-862 5.3 Medium2026-01-09
CVE-2025-14383 Booking Calendar <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check CWE-89 7.5 High2025-12-15
CVE-2025-12804 Booking Calendar <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode CWE-79 6.4 Medium2025-12-05
CVE-2025-64381 WordPress Booking Calendar plugin <= 10.14.7 - Cross Site Scripting (XSS) vulnerability CWE-79 5.4 -2025-11-13
CVE-2025-9346 Booking Calendar <= 10.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-08-28
CVE-2025-4669 Booking Calendar <= 10.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpbc Shortcode CWE-79 6.4 Medium2025-05-17
CVE-2024-13821 WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation CWE-285 5.3 Medium2025-02-12
CVE-2024-13323 Booking Calendar <= 10.9.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode CWE-79 6.4 Medium2025-01-14
CVE-2024-9306 WP Booking Calendar <= 10.6 - Authenticated (Admin+) Stored Cross-Site Scripting CWE-79 4.4 Medium2024-10-04
CVE-2024-8274 WP Booking Calendar <= 10.5 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2024-08-30
CVE-2024-6930 WP Booking Calendar <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode CWE-79 6.4 Medium2024-07-24
CVE-2023-23991 WordPress Booking Calendar plugin <= 9.4.3 - SQL Injection CWE-89 7.6 High2024-03-26
CVE-2024-1207 Booking Calendar <= 9.9 - Unauthenticated SQL Injection CWE-89 9.8 Critical2024-02-08
CVE-2023-4620 Booking Calendar < 9.7.3.1 - Unauthenticated Stored XSS 5.4 -2023-10-16
CVE-2022-1463 Booking Calendar <= 9.1 - PHP Object Injection via Shortcode CWE-502 8.8 High2022-05-10
CVE-2021-25040 Booking Calendar < 8.9.2 - Reflected Cross-Site Scripting CWE-79 6.1 -2022-01-03
CVE-2017-2150 WordPress Booking Calendar 路径遍历漏洞 6.5 -2017-04-28
CVE-2017-2151 WordPress Booking Calendar 跨站脚本漏洞 6.1 -2017-04-28

All 22 known CVE vulnerabilities affecting Booking Calendar with full Chinese analysis, references, and POCs where available.