🎉Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. Register as a researcher and submit your vulnerabilities today!

As a reminder, the Wordfence Intelligence Vulnerability Database API is completely free to query and utilize, both personally and commercially, and contains all the same vulnerability data as the user interface. Please review the API documentation and Webhook documentation for more information on how to query the vulnerability API endpoints and configure webhooks utilizing all the same data present in the Wordfence Intelligence user interface.

WP Booking Calendar

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > WP Booking Calendar

Information

Software Type	Plugin
Software Slug	booking (view on wordpress.org)
Software Status	Active
Software Author	wpdevelop
Software Website	wpbookingcalendar.com
Software Downloads	3,136,612
Software Active Installs	60,000
Software Record Last Updated	November 29, 2023

11 Vulnerabilities

Booking Calendar <= 9.7.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE ID Unknown

Sep 25, 2023

Researchers:

Booking Calendar <= 9.7.3 - Unauthenticated Stored Cross-Site Scripting

6.5

CVE-2023-4620

Sep 11, 2023

Researcher: Pablo Sanchez

Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection

6.6

CVE-2023-23991

Jan 20, 2023

Researcher: Rafshanzani Suhada

Booking Calendar <= 9.2.1 - Cross-Site Request Forgery

5.4

CVE-2022-33177

Sep 6, 2022

Researcher: Muhammad Daffa

Booking Calendar <= 9.1 - PHP Object Injection via Shortcode

8.5

CVE-2022-1463

Apr 18, 2022

Researcher: Ram

Booking Calendar <= 8.9.1 - Reflected Cross-Site Scripting

6.1

CVE-2021-25040

Dec 6, 2021

Researcher: Krzysztof Zając

Booking Calendar <= 8.4.3 - SQL injection

8.8

CVE-2018-20556

Dec 28, 2018

Researcher: B0UG

Booking Calendar <= 6.2 - Cross-Site Request Forgery leading to Cross-Site Scripting

8.8

CVE ID Unknown

Aug 1, 2016

Researcher: Edwin Molenaar

Booking Calendar <= 6.2 - Cross-Site Request Forgery to SQL Injection

8.8

CVE ID Unknown

Aug 1, 2016

Researcher: Edwin Molenaar

Booking Calendar <= 6.2 - Authenticated (Editor+) SQL Injection

7.2

CVE ID Unknown

Aug 1, 2016

Researcher: Edwin Molenaar

Booking Calendar < 4.1.6 - Cross-Site Request Forgery

4.3

CVE ID Unknown

Aug 1, 2014

Researcher: Dylan Irzi

Title	CVE ID	CVSS	Researchers	Date
Booking Calendar <= 9.7.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode		6.4		September 25, 2023
Booking Calendar <= 9.7.3 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-4620	6.5	Pablo Sanchez	September 11, 2023
Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection	CVE-2023-23991	6.6	Rafshanzani Suhada	January 20, 2023
Booking Calendar <= 9.2.1 - Cross-Site Request Forgery	CVE-2022-33177	5.4	Muhammad Daffa	September 6, 2022
Booking Calendar <= 9.1 - PHP Object Injection via Shortcode	CVE-2022-1463	8.5	Ram	April 18, 2022
Booking Calendar <= 8.9.1 - Reflected Cross-Site Scripting	CVE-2021-25040	6.1	Krzysztof Zając	December 6, 2021
Booking Calendar <= 8.4.3 - SQL injection	CVE-2018-20556	8.8	B0UG	December 28, 2018
Booking Calendar <= 6.2 - Cross-Site Request Forgery leading to Cross-Site Scripting		8.8	Edwin Molenaar	August 1, 2016
Booking Calendar <= 6.2 - Cross-Site Request Forgery to SQL Injection		8.8	Edwin Molenaar	August 1, 2016
Booking Calendar <= 6.2 - Authenticated (Editor+) SQL Injection		7.2	Edwin Molenaar	August 1, 2016
Booking Calendar < 4.1.6 - Cross-Site Request Forgery		4.3	Dylan Irzi	August 1, 2014

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation