Booking Calendar Pro Wpdevart
Approved changes feed: RSS · Atom
cpe:2.3:a:wpdevart:booking_calendar_pro_wpdevart:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Wpdevart (62458400-5314-5c71-819c-4b29c90460da) |
|---|---|
| Product | Booking Calendar Pro Wpdevart (3e5a9591-d28b-5a6d-9459-adf28080752f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-12077 |
vulnerable | 2026-06-03 14:54:15.535729 |
Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id'
MEDIUM (6.1)
The Booking Calendar and Booking Calendar Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘calendar_id’ parameter in all versions up to, and including, 3.2.19 and 11.2.19 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2025-01-07T07:22:33.559Z
Updated: 2026-04-08T17:03:49.073Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.