Wpdevart Booking Calendar, Appointment Booking System

10 CVEs affecting Wpdevart Booking Calendar, Appointment Booking System. Latest disclosed: 2026-03-25. Critical: 0, High: 2.

Top CVEs affecting Wpdevart Booking Calendar, Appointment Booking System
CVE	Severity	Score	Published	Summary
`CVE-2024-9504`	High	`7.2`	2024-11-26	The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to…
`CVE-2026-25435`	High	`7.1`	2026-03-25	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Booking calendar, Appointment Booking System boo…
`CVE-2022-47428`	Medium	`6.7`	2023-11-06	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System all…
`CVE-2024-10856`	Medium	`6.5`	2024-12-24	The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the `id` parameter in the “wpdevart_booking_calendar” shortcode in ve…
`CVE-2024-12077`	Medium	`6.1`	2025-01-07	The Booking Calendar and Booking Calendar Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘calendar_id’ parameter in all ver…
`CVE-2022-47438`	Medium	`5.9`	2023-03-29	Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.
`CVE-2025-67574`	Medium	`5.3`	2025-12-09	Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access C…
`CVE-2023-24407`	Medium	`5.0`	2024-12-09	Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security L…
`CVE-2023-24388`	Medium	`4.3`	2023-02-17	Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions…
`CVE-2023-24373`	Low	`3.7`	2024-06-03	External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.Th…