Search
Search Results (7 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25037 | 2 Codepeople, Wordpress | 2 Booking Calendar Contact Form, Wordpress | 2026-04-28 | 4.3 Medium |
| Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar Contact Form: from n/a through 1.2.34. | ||||
| CVE-2026-6810 | 2 Codepeople, Wordpress | 2 Booking Calendar Contact Form, Wordpress | 2026-04-28 | 5.3 Medium |
| The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dex_bccf_admin_int_calendar_list.inc.php file due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to takeover other user's calendars and view user data associated with the calendar. | ||||
| CVE-2025-48231 | 2 Codepeople, Wordpress | 2 Booking Calendar Contact Form, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS.This issue affects Booking Calendar Contact Form: from n/a through <= 1.2.58. | ||||
| CVE-2025-24723 | 2 Codepeople, Wordpress | 2 Booking Calendar Contact Form, Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS.This issue affects Booking Calendar Contact Form: from n/a through <= 1.2.55. | ||||
| CVE-2025-13318 | 2 Codepeople, Wordpress | 2 Booking Calendar Contact Form, Wordpress | 2026-04-22 | 5.3 Medium |
| The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the `dex_bccf_check_IPN_verification` function. This makes it possible for unauthenticated attackers to arbitrarily confirm bookings and bypass payment requirements via the 'dex_bccf_ipn' parameter. | ||||
| CVE-2016-10909 | 1 Codepeople | 1 Booking Calendar Contact Form | 2024-11-21 | N/A |
| The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection. | ||||
| CVE-2016-10908 | 1 Codepeople | 1 Booking Calendar Contact Form | 2024-11-21 | N/A |
| The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS. | ||||
Page 1 of 1.