Stellarwp Bookit Booking Appointment Calendar vulnerabilities
3 known vulnerabilities affecting stellarwp/bookit_booking_appointment_calendar.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-4974P2MEDIUMCVSS 6.3Exploitedfixed in 2.2.92024-10-16
CVE-2022-4974 [MEDIUM] CWE-862 CVE-2022-4974: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cr
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme runni
nvd
CVE-2023-2834P2CRITICALCVSS 9.8≤ 2.3.72023-06-30
CVE-2023-2834 [CRITICAL] CWE-288 CVE-2023-2834: The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and includ
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator
nvd
CVE-2025-12633P3HIGHCVSS 7.5≤ 2.5.02025-11-12
CVE-2025-12633 [HIGH] CWE-862 CVE-2025-12633: The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthoriz
The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bookit/v1/commerce/stripe/return' REST API Endpoint in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to connect their Stripe acco
nvd