Wpdevart Booking Calendar — known CVE vulnerabilities
Every CVE whose affected-product data names Wpdevart Booking Calendar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2022-3982 — CVSS 9.8 (critical): The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow…
CVE-2018-10363 — CVSS 7.5 (high): An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters…
CVE-2022-47428 — CVSS 6.7 (medium): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar…
CVE-2024-10856 — CVSS 6.5 (medium): The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the `id` parameter in the “wpdevart_booking_cale…
CVE-2022-47438 — CVSS 5.9 (medium): Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3…
CVE-2023-24407 — CVSS 5.0 (medium): Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured…
CVE-2023-24388 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects…
CVE-2023-24373 — CVSS 3.7 (low): External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows…