The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it...
CVSS: 7.3
AI Score: 7
EPSS: 0.0005
Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar. This issue affects WP Simple Booking Calendar: from n/a through...
AI Score: 6.8
EPSS: 0.0004
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it...
CVSS: 6.1
AI Score: 6.4
EPSS: 0.0004
The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVSS: 9.8
AI Score: 9.5
EPSS: 0.001
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS. This issue affects WP Booking Calendar: from n/a before...
CVSS: 6.5
AI Score: 5.5
EPSS: 0.0004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS. This issue affects WP Event Manager – Events Calendar, Registrations, Sell...
CVSS: 5.9
AI Score: 5.8
EPSS: 0.0004
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin <= 3.1.39...
CVSS: 7.1
AI Score: 6
EPSS: 0.0005
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible...
CVSS: 4.8
AI Score: 4.8
EPSS: 0.0005
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a...
CVSS: 8.8
AI Score: 8.8
EPSS: 0.004
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18...
CVSS: 5.9
AI Score: 4.9
EPSS: 0.0005
Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen WP Calendar plugin <= 1.5.3...
CVSS: 5.4
AI Score: 5.2
EPSS: 0.001
The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site...
CVSS: 6.1
AI Score: 6
EPSS: 0.001
The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
CVSS: 4.8
AI Score: 4.7
EPSS: 0.001
The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
CVSS: 4.8
AI Score: 4.8
EPSS: 0.001
The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected XSS in wp-booking-system on the wpbs-calendars admin...
CVSS: 5.4
AI Score: 5.4
EPSS: 0.001
The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection...
CVSS: 8.8
AI Score: 8.8
EPSS: 0.001
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to...
CVSS: 9.8
AI Score: 9.9
EPSS: 0.003
The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...
CVSS: 6.1
AI Score: 5.9
EPSS: 0.001