Vulnerabilities and security researches forbooking-ultra-pro booking-ultra-pro

Jun 07, 2024

CVE, Research URL: CVE-2021-36854
Home page URL: Security reports for Booking Ultra Pro Appointments Booking Calendar Plugin
Application: Booking Ultra Pro Appointments Booking Calendar Plugin
Date: Sep 30, 2022
Research Description: Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress.
Affected versions: max 1.1.7.
Status: vulnerable

CVE, Research URL: CVE-2021-36855
Home page URL: Security reports for Booking Ultra Pro Appointments Booking Calendar Plugin
Application: Booking Ultra Pro Appointments Booking Calendar Plugin
Date: Sep 30, 2022
Research Description: Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress.
Affected versions: max 1.1.6.
Status: vulnerable

CVE, Research URL: CVE-2022-46816
Home page URL: Security reports for Booking Ultra Pro Appointments Booking Calendar Plugin
Application: Booking Ultra Pro Appointments Booking Calendar Plugin
Date: May 24, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.4 versions.
Affected versions: max 1.1.7.
Status: vulnerable

CVE, Research URL: CVE-2023-32236
Home page URL: Security reports for Booking Ultra Pro Appointments Booking Calendar Plugin
Application: Booking Ultra Pro Appointments Booking Calendar Plugin
Date: Aug 23, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions.
Affected versions: max 1.1.9.
Status: vulnerable

CVE, Research URL: CVE-2024-32960
Home page URL: Security reports for Booking Ultra Pro Appointments Booking Calendar Plugin
Application: Booking Ultra Pro Appointments Booking Calendar Plugin
Date: May 17, 2024
Research Description: Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.This issue affects Booking Ultra Pro: from n/a through 1.1.12.
Affected versions: max 1.1.13.
Status: vulnerable

CVE, Research URL: CVE-2023-32511
Home page URL: Security reports for Booking Ultra Pro Appointments Booking Calendar Plugin
Application: Booking Ultra Pro Appointments Booking Calendar Plugin
Date: Aug 24, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.8 versions.
Affected versions: max 1.1.7.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-32601
Home page URL: Security reports for Booking Ultra Pro Appointments Booking Calendar Plugin
Application: Booking Ultra Pro Appointments Booking Calendar Plugin
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in Booking Ultra Pro Booking Ultra Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Ultra Pro: from n/a through 1.1.12.
Affected versions: max 1.1.7.
Status: vulnerable

Jul 14, 2024

CVE, Research URL: CVE-2024-38676
Home page URL: Security reports for Booking Ultra Pro Appointments Booking Calendar Plugin
Application: Booking Ultra Pro Appointments Booking Calendar Plugin
Date: Jul 20, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Ultra Pro allows Stored XSS.This issue affects Booking Ultra Pro: from n/a through 1.1.13.
Affected versions: max 1.1.13.
Status: vulnerable

CVE, Research URL: CVE-2024-38717
Home page URL: Security reports for Booking Ultra Pro Appointments Booking Calendar Plugin
Application: Booking Ultra Pro Appointments Booking Calendar Plugin
Date: Jul 12, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Booking Ultra Pro allows PHP Local File Inclusion.This issue affects Booking Ultra Pro: from n/a through 1.1.13.
Affected versions: max 1.1.13.
Status: vulnerable

Jul 18, 2024

CVE, Research URL: CVE-2024-6175
Home page URL: Security reports for Booking Ultra Pro Appointments Booking Calendar Plugin
Application: Booking Ultra Pro Appointments Booking Calendar Plugin
Date: Jul 18, 2024
Research Description: The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions in all versions up to, and including, 1.1.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify and delete. multiple plugin options and data such as payments, pricing, booking information, business hours, calendars, profile information, and email templates.
Affected versions: max 1.1.13.
Status: vulnerable

Mar 01, 2025

CVE, Research URL: CVE-2025-27345
Home page URL: Security reports for Booking Ultra Pro Appointments Booking Calendar Plugin
Application: Booking Ultra Pro Appointments Booking Calendar Plugin
Date: Apr 17, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Reflected XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.19.
Affected versions: max 1.1.20.
Status: vulnerable

Jun 15, 2025

CVE, Research URL: CVE-2025-30637
Home page URL: Security reports for Booking Ultra Pro Appointments Booking Calendar Plugin
Application: Booking Ultra Pro Appointments Booking Calendar Plugin
Date: Jun 06, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.20.
Affected versions: max 1.1.21.
Status: vulnerable

Sep 05, 2025

CVE, Research URL: CVE-2025-58633
Home page URL: Security reports for Booking Ultra Pro Appointments Booking Calendar Plugin
Application: Booking Ultra Pro Appointments Booking Calendar Plugin
Date: Sep 03, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.21.
Affected versions: max 1.1.22.
Status: vulnerable