CVE-2023-24402 – WordPress WP Booking System Plugin <= 2.0.18 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-24402
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions. The WP Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/wp-booking-system/wordpress-wp-booking-system-booking-calendar-plugin-2-0-18-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-25061 – WP Booking System – Booking Calendar < 2.0.15 - Authenticated Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-25061
The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected XSS in wp-booking-system on the wpbs-calendars admin page.
• https://plugins.trac.wordpress.org/changeset/2643776/wp-booking-system
• https://wpscan.com/vulnerability/bd9dc754-08a4-4bfc-8dda-3f5c0e070f7e
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-12239 – WP Booking System Free version < 1.5.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-12239
The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
• http://dumpco.re/bugs/wp-plugin-wp-booking-system-sqli
• https://wordpress.org/plugins/wp-booking-system/#developers
• https://wpvulndb.com/vulnerabilities/9284
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2017-2168 – WP Booking System – Booking Calendar < 1.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-2168
Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://jvndb.jvn.jp/jvndb/JVNDB-2017-000092
• https://jvn.jp/en/jp/JVN96165722/index.html
• https://wordpress.org/plugins/wp-booking-system/#developers
• https://wpvulndb.com/vulnerabilities/8830
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')