Vulnerabilities and security researches forbooking-package booking-package

Jun 06, 2024

CVE, Research URL: CVE-2021-20840
Home page URL: Security reports for Booking Package
Application: Booking Package
Date: Nov 24, 2021
Research Description: Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-0709
Home page URL: Security reports for Booking Package
Application: Booking Package
Date: Apr 04, 2022
Research Description: The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-37389
Home page URL: Security reports for Booking Package
Application: Booking Package
Date: May 17, 2024
Research Description: Improper Privilege Management vulnerability in SAASPROJECT Booking Package Booking Package allows Privilege Escalation.This issue affects Booking Package: from n/a through 1.5.98.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-39918
Home page URL: Security reports for Booking Package
Application: Booking Package
Date: Sep 04, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SAASPROJECT Booking Package Booking Package plugin <= 1.6.01 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-30516
Home page URL: Security reports for Booking Package
Application: Booking Package
Date: -
Research Description: Booking Package [booking-package] < 1.6.29 CVE-2024-30516
Affected versions: Min -, max -.
Status: vulnerable

Feb 20, 2025

CVE, Research URL: CVE-2024-13508
Home page URL: Security reports for Booking Package
Application: Booking Package
Date: Feb 19, 2025
Research Description: The Booking Package plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the locale parameter in all versions up to, and including, 1.6.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable