cleantalk
Vulnerabilities and Security Researches

Booking Package, CVE-2022-0709

CVE, Research URL

CVE-2022-0709

Home page URL

Security reports for Booking Package

Application

Booking Package

Published on
Apr 04, 2022
Research Description
The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability.
Affected versions
Min -, max 1.5.99.
Status
vulnerable
Previous vulnerability researches
Booking Package (CVE-2024-13508) , Feb 20, 2025
Booking Package (CVE-2021-20840) , Jun 06, 2024
Booking Package (CVE-2022-0709) , Jun 06, 2024
Booking Package (CVE-2023-37389) , Jun 06, 2024
Booking Package (CVE-2023-39918) , Jun 06, 2024
New vulnerability
Google Map Targeting (CVE-2025-52732) , Aug 04, 2025
WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin (CVE-2025-8152) , Aug 04, 2025
One Click Demo Import , Aug 04, 2025
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025