Wpdevelop Booking Calendar
19 CVEs affecting Wpdevelop Booking Calendar. Latest disclosed: 2026-03-13. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-1207 | Critical | 9.8 | 2024-02-08 | The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to… |
CVE-2022-1463 | High | 8.8 | 2022-05-10 | The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1… |
CVE-2026-32358 | High | 7.6 | 2026-03-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injec… |
CVE-2025-14383 | High | 7.5 | 2025-12-15 | The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'dates_to_check' parameter in all versions up to, and includi… |
CVE-2025-64381 | Medium | 6.5 | 2025-11-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Calendar booking allows Stored XSS.This… |
CVE-2025-12804 | Medium | 6.4 | 2025-12-05 | The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bookingcalendar' shortcode in all versions up to, and in… |
CVE-2025-9346 | Medium | 6.4 | 2025-08-28 | The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 10.14.1 due to insuff… |
CVE-2025-4669 | Medium | 6.4 | 2025-05-17 | The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all versions up to, and including… |
CVE-2024-13323 | Medium | 6.4 | 2025-01-14 | The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and inclu… |
CVE-2024-6930 | Medium | 6.4 | 2024-07-24 | The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in… |
CVE-2024-8274 | Medium | 6.1 | 2024-08-30 | The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timeline_obj' in all versions up to… |
CVE-2017-2151 | Medium | 6.1 | 2017-04-28 | Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified v… |
CVE-2026-1431 | Medium | 5.3 | 2026-01-31 | The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV… |
CVE-2025-14146 | Medium | 5.3 | 2026-01-09 | The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the `WPBC_FLEXTIME… |
CVE-2024-13821 | Medium | 5.3 | 2025-02-12 | The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.1… |
CVE-2017-2150 | Medium | 5.3 | 2017-04-28 | Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_cha… |
CVE-2024-9306 | Medium | 4.4 | 2024-10-04 | The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to… |
CVE-2026-2230 | Medium | 4.3 | 2026-02-18 | The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.14.14 via the handle_ajax_… |
CVE-2025-14982 | Medium | 4.3 | 2026-01-16 | The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including… |