cleantalk
Vulnerabilities and Security Researches

Booking Calendar and Notification, CVE-2024-13746

CVE, Research URL

CVE-2024-13746

Home page URL

Security reports for Booking Calendar and Notification

Application

Booking Calendar and Notification

Published on
Mar 01, 2025
Research Description
The Booking Calendar and Notification plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on the wpcb_all_bookings(), wpcb_update_booking_post(), and wpcb_delete_posts() functions in all versions up to, and including, 4.0.3. This makes it possible for unauthenticated attackers to extract data, create or update bookings, or delete arbitrary posts.
Affected versions
Min -, max 4.0.3.
Status
vulnerable
Previous vulnerability researches
Booking Calendar and Notification (CVE-2024-13746) , Mar 03, 2025
Booking Calendar and Notification (CVE-2025-31381) , Apr 06, 2025
Booking Calendar and Notification (CVE-2025-31403) , Apr 06, 2025
New vulnerability
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-3487) , Apr 18, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-3479) , Apr 18, 2025
WPAdverts – Classifieds Plugin (CVE-2025-39576) , Apr 18, 2025
Checkout Files Upload for WooCommerce (CVE-2025-39520) , Apr 18, 2025
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease (CVE-2025-3453) , Apr 18, 2025