Vulnerabilities and security researches forbooking-calendar-and-notification booking-calendar-and-notification

Mar 03, 2025

CVE, Research URL: CVE-2024-13746
Home page URL: Security reports for Booking Calendar and Notification
Application: Booking Calendar and Notification
Date: Mar 01, 2025
Research Description: The Booking Calendar and Notification plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on the wpcb_all_bookings(), wpcb_update_booking_post(), and wpcb_delete_posts() functions in all versions up to, and including, 4.0.3. This makes it possible for unauthenticated attackers to extract data, create or update bookings, or delete arbitrary posts.
Affected versions: Min -, max -.
Status: vulnerable

Apr 06, 2025

CVE, Research URL: CVE-2025-31381
Home page URL: Security reports for Booking Calendar and Notification
Application: Booking Calendar and Notification
Date: Apr 04, 2025
Research Description: Missing Authorization vulnerability in shiptrack Booking Calendar and Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-31403
Home page URL: Security reports for Booking Calendar and Notification
Application: Booking Calendar and Notification
Date: Apr 04, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification allows Blind SQL Injection.This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
Affected versions: Min -, max -.
Status: vulnerable