Vulnerabilities > Saasproject > Booking Package > 1.5.13
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-04 | CVE-2023-39918 | Cross-site Scripting vulnerability in Saasproject Booking Package Unauth. | 6.1 |
| 2022-04-04 | CVE-2022-0709 | Unspecified vulnerability in Saasproject Booking Package The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability. | 5.0 |