Vulnerabilities and security researches forwebba-booking-lite webba-booking-lite

Jun 07, 2024

CVE, Research URL: CVE-2023-51354
Home page URL: Security reports for Appointment & Event Booking Calendar Plugin – Webba Booking
Application: Appointment & Event Booking Calendar Plugin – Webba Booking
Date: Dec 29, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin – Webba Booking.This issue affects Appointment & Event Booking Calendar Plugin – Webba Booking: from n/a through 4.5.33.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-36847
Home page URL: Security reports for Appointment & Event Booking Calendar Plugin – Webba Booking
Application: Appointment & Event Booking Calendar Plugin – Webba Booking
Date: Aug 22, 2022
Research Description: Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: b7a75269cb1a76e8d5a0a5e89de3a8bf55dac3b6
Home page URL: Security reports for Appointment & Event Booking Calendar Plugin – Webba Booking
Application: Appointment & Event Booking Calendar Plugin – Webba Booking
Date: Feb 28, 2022
Research Description: Appointment Booking & Scheduling Plugin — Webba Booking Calendar [webba-booking-lite] < 4.2.18 WordPress Webba Booking plugin < 4.2.18 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Webba Booking plugin (versions < 4.2.18).
Affected versions: Min -, max -.
Status: vulnerable

Sep 25, 2024

CVE, Research URL: CVE-2024-8432
Home page URL: Security reports for Appointment & Event Booking Calendar Plugin – Webba Booking
Application: Appointment & Event Booking Calendar Plugin – Webba Booking
Date: Sep 24, 2024
Research Description: The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() function in all versions up to, and including, 5.0.48. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the booking form's CSS.
Affected versions: Min -, max -.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Appointment & Event Booking Calendar Plugin – Webba Booking
Application: Appointment & Event Booking Calendar Plugin – Webba Booking
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

Jul 19, 2025

CVE, Research URL: CVE-2025-54036
Home page URL: Security reports for Appointment & Event Booking Calendar Plugin – Webba Booking
Application: Appointment & Event Booking Calendar Plugin – Webba Booking
Date: Jul 16, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment Booking Webba Booking allows Cross Site Request Forgery. This issue affects Webba Booking: from n/a through 5.1.20.
Affected versions: Min -, max -.
Status: vulnerable