Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Booking Ultra Pro — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting Booking Ultra Pro. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Booking Ultra Pro is a hotel reservation management system designed to streamline booking operations for hospitality businesses. Historically, it has been vulnerable to multiple security issues, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with nine CVEs documented to date. The platform's web interface and API components have been particularly susceptible to input validation flaws, allowing unauthorized access or system compromise. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices. Organizations implementing this solution should prioritize regular patching and security hardening to mitigate potential exploitation risks.

Top products by Booking Ultra Pro: Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin Booking Ultra Pro (WordPress plugin)
CVE IDTitleCVSSSeverityPublished
CVE-2023-32601 WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.12 - Broken Access Control vulnerability — Booking Ultra ProCWE-862 5.4 Medium2024-12-13
CVE-2024-38676 WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.13 - Cross Site Scripting (XSS) vulnerability — Booking Ultra ProCWE-79 6.5 Medium2024-07-20
CVE-2024-38717 WordPress Booking Ultra Pro Appointments Booking Calendar plugin <= 1.1.13 - Local File Inclusion vulnerability — Booking Ultra ProCWE-22 7.1 High2024-07-12
CVE-2024-32960 WordPress Booking Ultra Pro plugin 1.1.12 - Privilege Escalation vulnerability — Booking Ultra ProCWE-269 8.8 High2024-05-17
CVE-2023-32511 WordPress Booking Ultra Pro Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS) — Booking Ultra Pro Appointments Booking Calendar PluginCWE-79 7.1 High2023-08-24
CVE-2023-32236 WordPress Booking Ultra Pro Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS) — Booking Ultra Pro Appointments Booking Calendar PluginCWE-79 7.1 High2023-08-23
CVE-2022-46816 WordPress Booking Ultra Pro Plugin <= 1.1.4 is vulnerable to Cross Site Request Forgery (CSRF) — Booking Ultra Pro Appointments Booking Calendar PluginCWE-352 4.3 Medium2023-05-24
CVE-2021-36855 WordPress Booking Ultra Pro plugin <= 1.1.4 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability — Booking Ultra Pro (WordPress plugin)CWE-352 6.1 Medium2022-09-30
CVE-2021-36854 WordPress Booking Ultra Pro plugin <= 1.1.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities — Booking Ultra Pro (WordPress plugin)CWE-352 5.4 Medium2022-09-30

This page lists every published CVE security advisory associated with Booking Ultra Pro. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.