cleantalk
Vulnerabilities and Security Researches

Appointment & Event Booking Calendar Plugin – Webba Booking, CVE-2024-8432

CVE, Research URL

CVE-2024-8432

Home page URL

Security reports for Appointment & Event Booking Calendar Plugin – Webba Booking

Application

Appointment & Event Booking Calendar Plugin – Webba Booking

Published on
Sep 24, 2024
Research Description
The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() function in all versions up to, and including, 5.0.48. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the booking form's CSS.
Affected versions
Min -, max 5.0.50.
Status
vulnerable
Previous vulnerability researches
Appointment & Event Booking Calendar Plugin – Webba Booking (CVE-2022-4974) , Nov 15, 2024
Appointment & Event Booking Calendar Plugin – Webba Booking (CVE-2025-54036) , Jul 19, 2025
Appointment & Event Booking Calendar Plugin – Webba Booking (CVE-2023-51354) , Jun 07, 2024
Appointment & Event Booking Calendar Plugin – Webba Booking (CVE-2021-36847) , Jun 07, 2024
Appointment & Event Booking Calendar Plugin – Webba Booking (b7a75269cb1a76e8d5a0a5e89de3a8bf55dac3b6) , Jun 07, 2024
New vulnerability
Master Addons for Elementor (CVE-2025-5284) , Jul 20, 2025
Attachment Manager (CVE-2025-7643) , Jul 19, 2025
B1.lt (CVE-2025-6718) , Jul 19, 2025
B1.lt (CVE-2025-6717) , Jul 19, 2025
Widget for Google Reviews (CVE-2025-53565) , Jul 19, 2025