WordPress Plugin Vulnerabilities

Booking Calendar Contact Form < 1.0.24 - XSS & SQL Injection

Description

The Booking Calendar Contact Form WordPress plugin was affected by a XSS & SQL Injection security vulnerability.

Affects Plugins

Plugin icon
booking-calendar-contact-form
Fixed in 1.0.24

References

CVE
CVE-2016-10909

Miscellaneous

Verified
No
WPVDB ID
e970a9aa-4202-463c-92ae-6e20562d9d0a

Timeline

Publicly Published
2016-02-08 (about 10 years ago)
Added
2019-08-24 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2018-01-07
Title
Social Media Widget by Acurax <= 3.2.5 - Stored XSS & CSRF
Published
2019-06-26
Title
LiveChat < 3.7.6 - Unauthenticated Option Update/Reset and Stored XSS
Published
2014-08-01
Title
RokNewsPager <= 1.17 - XSS,DoS,Disclosure,Upload Vulnerabilities
Published
2015-09-17
Title
WP Shop <= 3.4.3.18 - Cross-Site Scripting (XSS) & CSRF
Published
2019-03-14
Title
Import users from CSV with meta <= 1.14.0.2 - XSS and CSRF