Elbtide Advanced_booking_calendar
7 CVEs affecting Elbtide Advanced_booking_calendar. Latest disclosed: 2022-12-05. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-45822 | Critical | 10.0 | 2022-12-05 | Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. |
| CVE-2022-0694 | Critical | 9.8 | 2022-03-21 | The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_… |
| CVE-2022-1006 | High | 7.2 | 2022-04-11 | The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privil… |
| CVE-2022-1007 | Medium | 6.1 | 2022-04-11 | The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading… |
| CVE-2022-45824 | Medium | 5.4 | 2022-12-05 | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. |
| CVE-2021-24232 | Medium | 5.4 | 2021-04-22 | The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authent… |
| CVE-2021-24225 | Medium | 5.4 | 2021-04-12 | The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputting it in a… |