Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Online Booking & Scheduling Calendar for WordPress by vcita — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in Online Booking & Scheduling Calendar for WordPress by vcita, with AI-generated Chinese analysis, references, and POCs.

Vendor: vcita

CVE IDTitleCVSSSeverityPublished
CVE-2025-67559 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Broken Access Control vulnerability CWE-862 5.4 Medium2025-12-09
CVE-2025-67472 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Cross Site Request Forgery (CSRF) vulnerability CWE-352 4.3 Medium2025-12-09
CVE-2025-54677 WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.5.3 - Arbitrary File Upload Vulnerability CWE-434 9.1 Critical2025-08-20
CVE-2025-54676 WordPress Online Booking & Scheduling Calendar for by vcita Plugin plugin <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability CWE-79 6.5 Medium2025-08-14
CVE-2025-32238 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Sensitive Data Exposure vulnerability CWE-209 4.3 Medium2025-04-04
CVE-2024-54356 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulnerability CWE-352 5.4 Medium2024-12-16
CVE-2024-9872 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting CWE-79 5.4 Medium2024-12-06
CVE-2024-47638 WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.6 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-10-05
CVE-2024-37262 WordPress Online Booking & Scheduling Calendar plugin <= 4.4.2 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-07-22
CVE-2024-37499 WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.2 - Local File Inclusion vulnerability CWE-22 6.5 Medium2024-07-09
CVE-2024-5791 Appointment Booking and Online Scheduling <= 4.4.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting CWE-79 7.2 High2024-06-22
CVE-2024-35761 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.4.0 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2024-06-21
CVE-2024-5859 Appointment Booking and Online Scheduling <= 4.4.2 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2024-06-21
CVE-2023-39992 WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.3.2 is vulnerable to Cross Site Scripting (XSS) CWE-79 7.1 High2023-09-04
CVE-2023-2414 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.6 - Missing Authorization to Settings Update and Arbitrary File Upload CWE-862 5.4 Medium2023-06-09
CVE-2023-2416 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5 - Cross-Site Request Forgery to Account Logout CWE-352 5.4 Medium2023-06-03
CVE-2023-2298 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.0 - Unauthenticated Stored Cross-Site Scripting CWE-79 7.2 High2023-06-03
CVE-2023-2415 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.2.10 - Missing Authorization to Account Logout CWE-862 5.4 Medium2023-06-03
CVE-2023-2299 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Missing Authorization on REST-API CWE-862 5.3 Medium2023-06-03

All 19 known CVE vulnerabilities affecting Online Booking & Scheduling Calendar for WordPress by vcita with full Chinese analysis, references, and POCs where available.