Booking Calendar
wpdevelop
Developer
10.15.4
Latest version
50,000
Installations
No date
Last updated
Vulnerability history
0 present
29 patched
7 Mitigation rules
- Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification vulnerability<= 10.14.1418/02/2026
- SQL Injection vulnerability<= 10.14.1514/02/2026
- Missing Authorization to Unauthenticated Booking Details Exposure vulnerability<= 10.14.1330/01/2026
- Admin+ Stored XSS vulnerability< 10.6.530/01/2026
- Missing Authorization to Sensitive Information Exposure vulnerability<= 10.14.1115/01/2026
- Unauthenticated Sensitive Information Exposure vulnerability<= 10.14.1008/01/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode vulnerability<= 10.14.631/12/2025
- Unauthenticated SQL Injection via dates_to_check vulnerability<= 10.14.816/12/2025
- Cross Site Scripting (XSS) vulnerability<= 10.14.713/11/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 10.14.127/08/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via wpbc Shortcode vulnerability<= 10.11.116/05/2025
- Unauthenticated Post-Confirmation Booking Manipulation vulnerability<= 10.1011/02/2025
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode vulnerability<= 10.9.213/01/2025
- Admin+ Stored XSS vulnerability< 10.6.307/11/2024
- Authenticated (Admin+) Stored Cross-Site Scripting vulnerability<= 10.604/10/2024
- Reflected Cross-Site Scripting vulnerability<= 10.530/08/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode vulnerability<= 10.2.124/07/2024
- Unauthenticated SQL Injection vulnerability<= 9.907/02/2024
- Cross Site Scripting (XSS) vulnerability< 9.7.427/12/2023
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 9.7.317/10/2023
- SQL Injection<= 9.4.320/01/2023
- Cross-Site Request Forgery (CSRF) leading to Translations Update<= 9.2.106/09/2022
- Insecure Deserialization/PHP Object Injection vulnerability<= 9.127/04/2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 8.9.106/12/2021
- SQL Injection (SQLi) vulnerability<= 8.4.5.1414/02/2019
- Reflected Cross Site Scripting<= 6.201/08/2016
- SQL Injection (SQLi) vulnerability<= 6.201/08/2016
- SQL Injection<= 6.214/07/2016
- Cross-Site Request Forgery (CSRF) vulnerability<= 4.1.501/08/2014