Skip to main content

Wp Time Slots Booking Form

9 CVEs product

Monthly

CVE-2026-48882 HIGH This Week

SQL injection in the WP Time Slots Booking Form WordPress plugin (versions 1.2.50 and earlier) allows authenticated Subscriber-level users to inject arbitrary SQL into backend database queries. The CVSS 3.1 vector indicates a scope change with high confidentiality impact, meaning an attacker who only holds the lowest WordPress role can read data beyond the plugin's own scope. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

SQLi Wp Time Slots Booking Form
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2026-40791 HIGH This Week

Reflected/stored cross-site scripting in the WP Time Slots Booking Form WordPress plugin (versions up to and including 1.2.46) lets remote unauthenticated attackers inject script that executes in a victim's browser after user interaction. The flaw, reported by Patchstack and tracked as EUVD-2026-36994, carries a CVSS 7.1 due to the scope change against the WordPress origin, and no public exploit identified at time of analysis.

XSS Wp Time Slots Booking Form
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-32432 MEDIUM This Month

WP Time Slots Booking Form through version 1.2.42 contains a missing authorization vulnerability that allows unauthenticated attackers to modify booking data through improperly configured access controls. An attacker can exploit this to alter time slot reservations and other critical booking information without authentication. No patch is currently available for this vulnerability.

Authentication Bypass Wp Time Slots Booking Form
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-35735 CRITICAL Act Now

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.2.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Time Slots Booking Form
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-33543 HIGH This Week

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.2.06. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Time Slots Booking Form
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-35734 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.2.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Time Slots Booking Form
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-41790 MEDIUM This Month

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.1.76. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wp Time Slots Booking Form
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-23971 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Time Slots Booking Form
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-0389 MEDIUM POC This Month

The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Time Slots Booking Form
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
EPSS 0% CVSS 8.5
HIGH This Week

SQL injection in the WP Time Slots Booking Form WordPress plugin (versions 1.2.50 and earlier) allows authenticated Subscriber-level users to inject arbitrary SQL into backend database queries. The CVSS 3.1 vector indicates a scope change with high confidentiality impact, meaning an attacker who only holds the lowest WordPress role can read data beyond the plugin's own scope. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

SQLi Wp Time Slots Booking Form
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Reflected/stored cross-site scripting in the WP Time Slots Booking Form WordPress plugin (versions up to and including 1.2.46) lets remote unauthenticated attackers inject script that executes in a victim's browser after user interaction. The flaw, reported by Patchstack and tracked as EUVD-2026-36994, carries a CVSS 7.1 due to the scope change against the WordPress origin, and no public exploit identified at time of analysis.

XSS Wp Time Slots Booking Form
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

WP Time Slots Booking Form through version 1.2.42 contains a missing authorization vulnerability that allows unauthenticated attackers to modify booking data through improperly configured access controls. An attacker can exploit this to alter time slot reservations and other critical booking information without authentication. No patch is currently available for this vulnerability.

Authentication Bypass Wp Time Slots Booking Form
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.2.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Time Slots Booking Form
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.2.06. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Time Slots Booking Form
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.2.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Time Slots Booking Form
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.1.76. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wp Time Slots Booking Form
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Time Slots Booking Form
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Time Slots Booking Form
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy