Search
Search Results (5 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1797 | 2 Themetechmount, Wordpress | 2 Truebooker-appointment-booking, Wordpress | 2026-04-03 | 5.3 Medium |
| The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 through views php files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed views php files via direct access. | ||||
| CVE-2025-47543 | 1 Themetechmount | 1 Truebooker | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Cross Site Request Forgery.This issue affects TrueBooker: from n/a through <= 1.0.7. | ||||
| CVE-2025-67581 | 2 Themetechmount, Wordpress | 2 Truebooker, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.0. | ||||
| CVE-2024-6924 | 1 Themetechmount | 2 Truebooker, Truebooker-appointment-booking | 2024-09-11 | 9.8 Critical |
| The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | ||||
| CVE-2024-6925 | 1 Themetechmount | 2 Truebooker, Truebooker-appointment-booking | 2024-09-11 | 4.3 Medium |
| The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | ||||
Page 1 of 1.