Elbtide Advanced_booking_calendar

7 CVEs affecting Elbtide Advanced_booking_calendar. Latest disclosed: 2022-12-05. Critical: 2, High: 1.

Top CVEs affecting Elbtide Advanced_booking_calendar
CVESeverityScorePublishedSummary
CVE-2022-45822Critical10.02022-12-05Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.
CVE-2022-0694Critical9.82022-03-21The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_…
CVE-2022-1006High7.22022-04-11The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privil…
CVE-2022-1007Medium6.12022-04-11The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading…
CVE-2022-45824Medium5.42022-12-05Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.
CVE-2021-24232Medium5.42021-04-22The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authent…
CVE-2021-24225Medium5.42021-04-12The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputing it in a…