🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Advanced Booking Calendar

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Advanced Booking Calendar

Information

Software Type	Plugin
Software Slug	advanced-booking-calendar (view on wordpress.org)
Software Status	Removed
Software Author	bookingcalendar
Software Website	booking-calendar-plugin.com
Software Downloads	130,320
Software Active Installs	5,000
Software Record Last Updated	April 16, 2024

8 Vulnerabilities

Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQL Injection

9.8

CVE-2022-45822

Dec 2, 2022

Researcher: minhtuanact

Advanced Booking Calendar <= 1.7.1 - Cross Site Request Forgery

8.8

CVE-2022-45824

Dec 1, 2022

Researcher: minhtuanact

Advanced Booking Calendar <= 1.7.0 - Reflected Cross-Site Scripting

6.1

CVE-2022-1007

Mar 21, 2022

Researcher: Yiicheng Liu-Zte Chenfeng Lab

Advanced Booking Calendar <= 1.7.0 - Authenticated SQL Injection

7.2

CVE-2022-1006

Mar 21, 2022

Researcher: Yiicheng Liu-Zte Chenfeng Lab

Advanced Booking Calendar <= 1.6.9 - Unauthenticated SQL Injection

9.8

CVE-2022-0694

Feb 28, 2022

Researcher: cydave

Advanced Booking Calendar <= 1.6.7 - Reflected Cross-Site Scripting

6.1

CVE-2021-24232

Mar 30, 2021

Researcher: iohex

Advanced Booking Calendar <= 1.6.6 - Reflected Cross-Site Scripting via calId Parameter

5.4

CVE-2021-24225

Mar 28, 2021

Researcher: iohex

Advanced Booking Calendar <= 1.6.1 - Unauthenticated SQL Injection

9.8

CVE ID Unknown

Oct 22, 2020

Researcher: Lenon Leite

Title	CVE ID	CVSS	Researchers	Date
Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQL Injection	CVE-2022-45822	9.8	minhtuanact	December 2, 2022
Advanced Booking Calendar <= 1.7.1 - Cross Site Request Forgery	CVE-2022-45824	8.8	minhtuanact	December 1, 2022
Advanced Booking Calendar <= 1.7.0 - Reflected Cross-Site Scripting	CVE-2022-1007	6.1	Yiicheng Liu-Zte Chenfeng Lab	March 21, 2022
Advanced Booking Calendar <= 1.7.0 - Authenticated SQL Injection	CVE-2022-1006	7.2	Yiicheng Liu-Zte Chenfeng Lab	March 21, 2022
Advanced Booking Calendar <= 1.6.9 - Unauthenticated SQL Injection	CVE-2022-0694	9.8	cydave	February 28, 2022
Advanced Booking Calendar <= 1.6.7 - Reflected Cross-Site Scripting	CVE-2021-24232	6.1	iohex	March 30, 2021
Advanced Booking Calendar <= 1.6.6 - Reflected Cross-Site Scripting via calId Parameter	CVE-2021-24225	5.4	iohex	March 28, 2021
Advanced Booking Calendar <= 1.6.1 - Unauthenticated SQL Injection		9.8	Lenon Leite	October 22, 2020

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation