Filtered by vendor Pinpoint
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25062 | 1 Pinpoint | 1 Pinpoint Booking System | 2023-11-07 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 versions. | |||||
| CVE-2023-0220 | 1 Pinpoint | 1 Pinpoint Booking System | 2023-11-07 | N/A | 8.8 HIGH |
| The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks. | |||||
| CVE-2023-45270 | 1 Pinpoint | 1 Pinpoint Booking System | 2023-10-18 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions. | |||||
| CVE-2015-9460 | 1 Pinpoint | 1 Pinpoint Booking System | 2019-10-15 | 6.5 MEDIUM | 8.8 HIGH |
| The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter. | |||||