Vulnerabilities > Booking Calendar Project > Booking Calendar > 8.4.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-10 | CVE-2022-1463 | Unspecified vulnerability in Booking Calendar Project Booking Calendar The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. | 8.8 |
| 2022-01-03 | CVE-2021-25040 | Cross-site Scripting vulnerability in Booking Calendar Project Booking Calendar The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 6.1 |
| 2019-03-21 | CVE-2018-20556 | SQL Injection vulnerability in Booking Calendar Project Booking Calendar 8.4.3 SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter. | 8.8 |