Elbtide

elbtide

7 CVEs • 1 product

Products (1)

CVEs (7)

| Vendors | Products | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2 | CVE description |
|---|---|---|---|---|---|---|---|
| Elbtide | Advanced Booking Calendar | Jun 17, 2026 | Dec 5, 2022 | N/A | 6.5 MEDIUM | N/A | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. |
| Elbtide | Advanced Booking Calendar | Jun 17, 2026 | Dec 5, 2022 | N/A | 9.8 CRITICAL | N/A | Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. |
| Elbtide | Advanced Booking Calendar | Jun 17, 2026 | Apr 11, 2022 | N/A | 6.1 MEDIUM | 4.3 MEDIUM | The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue |
| Elbtide | Advanced Booking Calendar | Jun 17, 2026 | Apr 11, 2022 | N/A | 7.2 HIGH | 6.5 MEDIUM | The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks |
| Elbtide | Advanced Booking Calendar | Jun 17, 2026 | Mar 21, 2022 | N/A | 9.8 CRITICAL | 7.5 HIGH | The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection |
| Elbtide | Advanced Booking Calendar | Jun 17, 2026 | Apr 22, 2021 | N/A | 5.4 MEDIUM | 3.5 LOW | The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue |
| Elbtide | Advanced Booking Calendar | Jun 17, 2026 | Apr 12, 2021 | N/A | 5.4 MEDIUM | 3.5 LOW | The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputting it in an A tag, leading to a reflected XSS issue |