Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Booking Calendar — Vulnerabilities & Security Advisories 22

All 22 CVE vulnerabilities found in Booking Calendar, with AI-generated Chinese analysis, references, and POCs.

This page documents security weaknesses affecting the Booking Calendar product, categorized under vulnerability aggregation tags for tracking and reference. It compiles a comprehensive list of identified security flaws, including remote code execution, cross-site scripting, and unauthorized access issues, covering reported incidents from early 2020 to the present. By centralizing these records, the resource allows developers and security professionals to track vendor advisories regarding the Booking Calendar software, providing a clear view of how the vendor addresses different severity levels over time. Users can also gain a deeper understanding of specific weakness classes commonly exploited in this type of scheduling application, identifying patterns in how attackers target calendar integration points. Additionally, the page serves as a historical archive, enabling stakeholders to look up the vulnerability history of the product to assess its long-term security posture. This consolidated view helps organizations evaluating or already using the Booking Calendar to make informed decisions about patching schedules and risk mitigation strategies. The collected data highlights recurring themes in the product’s security landscape, offering insight into both past remediation efforts and lingering gaps that require attention. Maintaining an up-to-date record of these vulnerabilities ensures that administrators have access to reliable information for maintaining system integrity and compliance with security best practices.

Vendor: wpdevelop

CVE IDTitleCVSSSeverityPublished
CVE-2026-32358 WordPress Booking Calendar plugin <= 10.14.15 - SQL Injection vulnerability CWE-89 7.6 High2026-03-13
CVE-2026-2230 Booking Calendar <= 10.14.14 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification CWE-639 4.3 Medium2026-02-18
CVE-2026-1431 Booking Calendar <= 10.14.13 - Missing Authorization to Unauthenticated Booking Details Exposure CWE-862 5.3 Medium2026-01-31
CVE-2025-14982 Booking Calendar <= 10.14.11 - Missing Authorization to Sensitive Information Exposure CWE-862 4.3 Medium2026-01-16
CVE-2025-14146 Booking Calendar <= 10.14.10 - Unauthenticated Sensitive Information Exposure CWE-862 5.3 Medium2026-01-09
CVE-2025-14383 Booking Calendar <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check CWE-89 7.5 High2025-12-15
CVE-2025-12804 Booking Calendar <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode CWE-79 6.4 Medium2025-12-05
CVE-2025-64381 WordPress Booking Calendar plugin <= 10.14.7 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2025-11-13
CVE-2025-9346 Booking Calendar <= 10.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-08-28
CVE-2025-4669 Booking Calendar <= 10.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpbc Shortcode CWE-79 6.4 Medium2025-05-17
CVE-2024-13821 WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation CWE-285 5.3 Medium2025-02-12
CVE-2024-13323 Booking Calendar <= 10.9.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode CWE-79 6.4 Medium2025-01-14
CVE-2024-9306 WP Booking Calendar <= 10.6 - Authenticated (Admin+) Stored Cross-Site Scripting CWE-79 4.4 Medium2024-10-04
CVE-2024-8274 WP Booking Calendar <= 10.5 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2024-08-30
CVE-2024-6930 WP Booking Calendar <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode CWE-79 6.4 Medium2024-07-24
CVE-2023-23991 WordPress Booking Calendar plugin <= 9.4.3 - SQL Injection CWE-89 7.6 High2024-03-26
CVE-2024-1207 Booking Calendar <= 9.9 - Unauthenticated SQL Injection CWE-89 9.8 Critical2024-02-08
CVE-2023-4620 Booking Calendar < 9.7.3.1 - Unauthenticated Stored XSS 5.4 -2023-10-16
CVE-2022-1463 Booking Calendar <= 9.1 - PHP Object Injection via Shortcode CWE-502 8.8 High2022-05-10
CVE-2021-25040 Booking Calendar < 8.9.2 - Reflected Cross-Site Scripting CWE-79 6.1 -2022-01-03
CVE-2017-2150 WordPress Booking Calendar 路径遍历漏洞 6.5 -2017-04-28
CVE-2017-2151 WordPress Booking Calendar 跨站脚本漏洞 6.1 -2017-04-28

All 22 known CVE vulnerabilities affecting Booking Calendar with full Chinese analysis, references, and POCs where available.