vcita — Vulnerabilities & Security Advisories 30

Browse all 30 CVE security advisories affecting vcita. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products vcita:Online Booking & Scheduling Calendar for WordPress by vcita CRM and Lead Management by vcita Event Registration Calendar By vcita Contact Form and Calls To Action by vcita Online Payments – Get Paid with PayPal, Square & Stripe

CVE ID	Title	CVSS	Severity	Paused
CVE-2025-67559	WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Broken Access Control vulnerability — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-862	5.4	Medium	2025-12-09
CVE-2025-67472	WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Cross Site Request Forgery (CSRF) vulnerability — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-352	4.3	Medium	2025-12-09
CVE-2025-54677	WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.5.3 - Arbitrary File Upload Vulnerability — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-434	9.1	Critical	2025-08-20
CVE-2025-54676	WordPress Online Booking & Scheduling Calendar for by vcita Plugin plugin <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-79	6.5	Medium	2025-08-14
CVE-2025-5240	CRM and Lead Management by vcita <= 2.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter — CRM and Lead Management by vcitaCWE-79	6.4	Medium	2025-07-22
CVE-2025-32238	WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Sensitive Data Exposure vulnerability — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-209	4.3	Medium	2025-04-04
CVE-2024-13702	CRM and Lead Management by vcita <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — CRM and Lead Management by vcitaCWE-79	6.4	Medium	2025-03-26
CVE-2024-13703	CRM and Lead Management by vcita <= 2.7.5 - Missing Authorization to Authenticated (Susbcriber+) Widget Toggle — CRM and Lead Management by vcitaCWE-862	4.3	Medium	2025-03-13
CVE-2024-11895	Online Payments – Get Paid with PayPal, Square & Stripe <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Online Payments – Get Paid with PayPal, Square & StripeCWE-79	6.4	Medium	2025-02-18
CVE-2024-11886	Contact Form and Calls To Action by vcita <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Contact Form and Calls To Action by vcitaCWE-79	6.4	Medium	2025-01-31
CVE-2024-13717	Contact Form and Calls To Action by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget Toggle — Contact Form and Calls To Action by vcitaCWE-862	4.3	Medium	2025-01-31
CVE-2025-22661	WordPress Online Payments plugin <= 3.20.0 - Cross Site Scripting (XSS) vulnerability — Online Payments – Get Paid with PayPal, Square & StripeCWE-79	6.5	Medium	2025-01-21
CVE-2024-11870	Event Registration Calendar By vcita <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Event Registration Calendar By vcitaCWE-79	6.4	Medium	2025-01-15
CVE-2024-54356	WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulnerability — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-352	5.4	Medium	2024-12-16
CVE-2024-9872	Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-79	5.4	Medium	2024-12-06
CVE-2024-47638	WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.6 - Reflected Cross Site Scripting (XSS) vulnerability — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-79	7.1	High	2024-10-05
CVE-2024-37499	WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.2 - Local File Inclusion vulnerability — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-22	6.5	Medium	2024-07-09
CVE-2024-5791	Appointment Booking and Online Scheduling <= 4.4.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-79	7.2	High	2024-06-22
CVE-2024-35761	WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.4.0 - Cross Site Scripting (XSS) vulnerability — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-79	6.5	Medium	2024-06-21
CVE-2024-5859	Appointment Booking and Online Scheduling <= 4.4.2 - Reflected Cross-Site Scripting — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-79	6.1	Medium	2024-06-21
CVE-2023-2414	Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.6 - Missing Authorization to Settings Update and Arbitrary File Upload — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-862	5.4	Medium	2023-06-09
CVE-2023-2416	Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5 - Cross-Site Request Forgery to Account Logout — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-352	5.4	Medium	2023-06-03
CVE-2023-2298	Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.0 - Unauthenticated Stored Cross-Site Scripting — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-79	7.2	High	2023-06-03
CVE-2023-2404	CRM and Lead Management by vcita <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — CRM and Lead Management by vcitaCWE-79	6.4	Medium	2023-06-03
CVE-2023-2415	Online Booking & Scheduling Calendar for WordPress by vcita <= 4.2.10 - Missing Authorization to Account Logout — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-862	5.4	Medium	2023-06-03
CVE-2023-2302	Contact Form and Calls To Action by vcita <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Contact Form and Calls To Action by vcitaCWE-79	6.4	Medium	2023-06-03
CVE-2023-2299	Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Missing Authorization on REST-API — Online Booking & Scheduling Calendar for WordPress by vcitaCWE-862	5.3	Medium	2023-06-03
CVE-2023-2406	Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Event Registration Calendar By vcitaCWE-79	6.4	Medium	2023-06-03
CVE-2023-2407	Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.10.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Event Registration Calendar By vcitaCWE-352	6.1	Medium	2023-06-03
CVE-2023-2405	CRM and Lead Management by vcita <= 2.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — CRM and Lead Management by vcitaCWE-352	6.1	Medium	2023-06-03

This page lists every published CVE security advisory associated with vcita. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Support Us — Your donation helps us keep running

vcita — Vulnerabilities & Security Advisories 30