Skip to main content

Booking Calendar Contact Form

3 CVEs product

Monthly

CVE-2016-20068 HIGH POC This Week

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress SQLi Booking Calendar Contact Form
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.3%
CVE-2016-20070 MEDIUM POC This Month

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress XSS Privilege Escalation Booking Calendar Contact Form
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2016-20069 HIGH POC This Week

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Booking Calendar Contact Form
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.2%
EPSS 0% CVSS 8.8
HIGH POC This Week

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress SQLi +1
NVD Exploit-DB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress XSS +2
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Booking Calendar Contact Form
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy