WP Booking System – Booking Calendar

Information

Software Type Plugin
Software Slug wp-booking-system (view on wordpress.org)
Software Status Active
Software Author murgroland
Software Website www.wpbookingsystem.com
Software Downloads 288,233
Software Active Installs 10,000
Software Record Last Updated November 21, 2024

7 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
WP Booking System Free version < 1.5.2 - Cross-Site Request Forgery Patched CVE-2019-12239 9.8 Magnus K. Stubman May 22, 2019
WP Booking System – Booking Calendar <= 2.0.19.8 - Reflected Cross-Site Scripting Patched CVE-2024-8797 6.1 vgo0 September 13, 2024
WP Booking System – Booking Calendar <= 2.0.14 - Reflected Cross-Site Scripting Patched CVE-2021-25061 6.1 Krzysztof Zając December 10, 2021
WP Booking System – Booking Calendar < 1.4 - Cross-Site Scripting Patched CVE-2017-2168 6.1 Satoshi Takagi May 16, 2017
WP Booking System <= 2.0.18 - Authenticated (Admin+) Stored Cross Site Scripting Patched CVE-2023-24402 4.4 Abdi Pranata February 2, 2023
WP Booking System <= 2.0.19.10 - Missing Authorization via wpbs_refresh_calendar_editor Patched CVE-2024-50425 4.3 Trương Hữu Phúc (truonghuuphuc) October 24, 2024
WP Booking System <= 2.0.19.2 - Missing Authorization Patched CVE-2023-49758 4.3 Abdi Pranata December 4, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation