Wielebenwir Commonsbooking — known CVE vulnerabilities
Every CVE whose affected-product data names Wielebenwir Commonsbooking, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2022-0658 — CVSS 9.8 (critical): The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action…
CVE-2024-4382 — CVSS 6.5 (medium): The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make…
CVE-2024-4381 — CVSS 4.8 (medium): The CB (legacy) WordPress plugin through 0.9.4.18 does not sanitise and escape some of its settings, which could allow high privilege users…