Booking Calendar Contact Form
Approved changes feed: RSS · Atom
cpe:2.3:a:codepeople:booking_calendar_contact_form:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Codepeople (f85d1a73-9b3f-50b5-b09d-cd136586594b) |
|---|---|
| Product | Booking Calendar Contact Form (1b2f3647-317f-5991-a405-91405691926f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wp-plugins/booking-calendar-contact-form |
purl2cpe | 2026-06-01 10:10:56.740867 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-6810 |
vulnerable | 2026-06-03 15:27:55.762298 |
Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover
MEDIUM (5.3)
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dex_bccf_admin_int_calendar_list.inc.php file due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to takeover other user's calendars and view user data associated with the calendar.
Published: 2026-04-24T05:29:38.488Z
Updated: 2026-04-24T13:55:26.615Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48231 |
vulnerable | 2026-06-03 15:01:34.283065 |
WordPress Booking Calendar Contact Form plugin <= 1.2.58 - Cross Site Scripting (XSS) Vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS.This issue affects Booking Calendar Contact Form: from n/a through <= 1.2.58.
Published: 2025-07-04T11:18:02.980Z
Updated: 2026-04-28T16:12:53.652Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-24723 |
vulnerable | 2026-06-03 14:59:56.740567 |
WordPress Booking Calendar Contact Form Plugin <= 1.2.55 - Stored Cross Site Scripting (XSS) vulnerability
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS.This issue affects Booking Calendar Contact Form: from n/a through <= 1.2.55.
Published: 2025-01-24T17:25:13.465Z
Updated: 2026-04-28T16:11:32.983Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-13318 |
vulnerable | 2026-06-03 14:58:45.887169 |
Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter
MEDIUM (5.3)
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the `dex_bccf_check_IPN_verification` function. This makes it possible for unauthenticated attackers to arbitrarily confirm bookings and bypass payment requirements via the 'dex_bccf_ipn' parameter.
Published: 2025-11-22T08:30:29.623Z
Updated: 2026-04-08T17:04:13.473Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-36384 |
vulnerable | 2026-06-03 14:52:19.857684 |
WordPress Booking Calendar Contact Form Plugin <= 1.2.40 is vulnerable to Cross Site Scripting (XSS)
HIGH (7.1)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions.
Published: 2023-07-18T14:17:40.116Z
Updated: 2026-04-28T16:08:31.402Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25037 |
vulnerable | 2026-06-03 14:49:32.131827 |
WordPress Booking Calendar Contact Form plugin <= 1.2.34 - Broken Access Control vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar Contact Form: from n/a through 1.2.34.
Published: 2024-12-09T11:31:37.517Z
Updated: 2026-04-28T16:08:06.761Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.