
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2022 — Unauthenticated SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. The Advanced Booking Calendar for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/advanced-booking-calendar/wordpress-advanced-booking-calendar-plugin-1-7-1-unauth-sql-injection-sqli-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Dec 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. The Advanced Booking Calendar for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function... • https://patchstack.com/database/vulnerability/advanced-booking-calendar/wordpress-advanced-booking-calendar-plugin-1-7-1-multiple-cross-site-scripting-csrf-vulnerabilities?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Mar 2022 — The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. • https://plugins.trac.wordpress.org/changeset/2695427 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Mar 2022 — The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks. The Advanced Booking Calendar... • https://plugins.trac.wordpress.org/changeset/2695427 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Feb 2022 — The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection. • https://plugins.trac.wordpress.org/changeset/2682086 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Mar 2021 — The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue. • https://wpscan.com/vulnerability/f06629b5-8b15-48eb-a7a7-78b693e06b71 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Mar 2021 — The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputting it in an A tag, leading to a reflected XSS issue. • https://plugins.trac.wordpress.org/changeset/2503971 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')