CVEs (7)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'language' parameter in all versions up to, and including, 2.9.9.5.4 due to insufficient escaping on t...Show more |
The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to insufficient escaping on t...Show more |
The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even w...Show more |
Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions. |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 versions. |
The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber...Show more |
1Pinpoint 1Pinpoint Booking System Nov 21, 2024 Oct 10, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter. |