Vulnerabilities > Booking Calendar Project > Booking Calendar > 7.1.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-10 | CVE-2022-1463 | Deserialization of Untrusted Data vulnerability in Booking Calendar Project Booking Calendar The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. | 6.5 |
| 2022-01-03 | CVE-2021-25040 | Cross-site Scripting vulnerability in Booking Calendar Project Booking Calendar The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 4.3 |