Threat Entry Updated 2024-11-21

CVE-2024-6175 - Booking Ultra Pro Appointments Booking Calendar Plugin

The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions in all versions up to, and including, 1.1.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify and delete. multiple plugin options and data such as payments, pricing, booking information, business hours, calendars, profile information, and email templates.

PLUGIN Booking Ultra Pro Appointments Booking Calendar

CVE-2024-6175

MEDIUM CVSS 5.4 2024-07-18

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-36855 - Booking Ultra Pro Appointments Booking Calendar Plugin

Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin

PLUGIN Booking Ultra Pro Appointments Booking Calendar

CVE-2021-36855

MEDIUM CVSS 6.1 2022-09-30

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-36854 - Booking Ultra Pro Appointments Booking Calendar Plugin

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin

PLUGIN Booking Ultra Pro Appointments Booking Calendar

CVE-2021-36854

MEDIUM CVSS 5.4 2022-09-30

Risk Score

Open Full Technical Breakdown