RSS   Vulnerabilities for 'Booking package'   RSS

2022-04-04
 
CVE-2022-0709

NVD-CWE-noinfo
 

 
The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability.

 
2021-11-24
 
CVE-2021-20840

CWE-79
 

 
Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors.

 


Copyright 2024, cxsecurity.com

 

Back to Top