Skip to main content

Pinpoint Booking System

6 CVEs product

Monthly

CVE-2026-39678 MEDIUM This Month

Unauthenticated remote attackers can bypass access control in DOTonPAPER Pinpoint Booking System versions up to 2.9.9.6.5 to view sensitive booking data due to missing authorization checks on API endpoints. The vulnerability allows information disclosure with low confidentiality impact, and while CVSS rates it 5.3 (medium), the 0.02% EPSS score indicates minimal real-world exploitation probability despite the straightforward network-based attack vector.

Authentication Bypass Pinpoint Booking System
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-7112 MEDIUM PATCH This Month

The Pinpoint Booking System - #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Pinpoint Booking System
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-3636 MEDIUM POC This Month

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pinpoint Booking System
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-45270 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pinpoint Booking System
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25062 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pinpoint Booking System
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-0220 HIGH POC This Week

The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Pinpoint Booking System
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated remote attackers can bypass access control in DOTonPAPER Pinpoint Booking System versions up to 2.9.9.6.5 to view sensitive booking data due to missing authorization checks on API endpoints. The vulnerability allows information disclosure with low confidentiality impact, and while CVSS rates it 5.3 (medium), the 0.02% EPSS score indicates minimal real-world exploitation probability despite the straightforward network-based attack vector.

Authentication Bypass Pinpoint Booking System
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The Pinpoint Booking System - #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Pinpoint Booking System
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pinpoint Booking System
NVD WPScan
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pinpoint Booking System
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pinpoint Booking System
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Pinpoint Booking System
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy