Vulnerabilities > Wpdevart > Booking Calendar > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-12-24 CVE-2024-10856 SQL Injection vulnerability in Wpdevart Booking Calendar
The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the `id` parameter in the “wpdevart_booking_calendar” shortcode in versions up to, and including, 3.2.19 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
wpdevart CWE-89
6.5
6.5
2023-03-29 CVE-2022-47438 Unspecified vulnerability in Wpdevart Booking Calendar
Auth.
network
low complexity
wpdevart
5.4
5.4
2023-02-17 CVE-2023-24388 Cross-Site Request Forgery (CSRF) vulnerability in Wpdevart Booking Calendar
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).
network
low complexity
wpdevart CWE-352
5.4
5.4