Elbtide Advanced Booking Calendar — known CVE vulnerabilities
Every CVE whose affected-product data names Elbtide Advanced Booking Calendar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2022-0694 — CVSS 9.8 (critical): The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL…
CVE-2022-1006 — CVSS 7.2 (high): The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which…
CVE-2022-1007 — CVSS 6.1 (medium): The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an…
CVE-2021-24225 — CVSS 5.4 (medium): The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page…
CVE-2021-24232 — CVSS 5.4 (medium): The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page…
CVE-2022-45824 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.