High 7.1 Unfixed
2026-03-25≤ 3.2.36
CVE-2026-25435
Booking calendar, Appointment Booking System
Minimum safe version
3.2.31
Update to 3.2.31 or later to address 21 fixable vulnerabilities
Latest available3.2.36 ✓⚠ 1 vulnerability has no fix
Medium 5.3
2025-12-15< 3.2.31
Booking calendar, Appointment Booking System <= 3.2.30 - Missing Authorization
N/A
2025-07-01< 3.2.18
Booking calendar, Appointment Booking System <= 3.2.17 - Unauthenticated Time-Based SQL Injection via 'wpdevart_id'
Medium 6.1
2025-01-07< 3.2.20
CVE-2024-12077
Medium 6.5
2024-12-24< 3.2.20
CVE-2024-10856
High 7.2
2024-11-26< 3.2.16
CVE-2024-9504
N/A
< 3.2.12
Booking Calendar WpDevArt < 3.2.12 - Admin+ SQLi
N/A
< 3.2.9
Booking calendar, Appointment Booking System < 3.2.9 - Multiple Authenticated(Editor+) SQL Injection
N/A
2023-10-29< 3.2.12
Booking Calendar WpDevArt <= 3.2.11 - Authenticated (Admin+) SQL Injection
N/A
2023-09-12< 3.2.9
Booking calendar, Appointment Booking System <= 3.2.8 - Multiple Authenticated(Editor+) SQL Injection
Medium 6.7
2023-11-06< 3.2.8
CVE-2022-47428
Low 3.7
2024-06-03< 3.2.4
CVE-2023-24373
Medium 5.9
2023-03-29< 3.2.4
CVE-2022-47438
Medium 5.0
2024-12-09< 3.2.4
CVE-2023-24407
Medium 5.4
2023-02-17< 3.2.4
CVE-2023-24388
Critical 9.8
2022-12-12< 3.2.2
CVE-2022-3982
N/A
2018-01-22< 2.1.8
WordPress Booking calendar plugin <=2.1.7 - Multiple Cross-Site Scripting (XSS) vulnerabilities
High 8.8
2018-01-22< 2.1.8
WordPress Booking calendar plugin <=2.1.7 - Cross-Site Request Forgery (CSRF) vulnerability
Medium 4.8
2018-01-13< 2.1.8
CVE-2018-5672
Medium 4.8
2018-01-13< 2.1.8
CVE-2018-5671
Medium 4.8
2018-01-13< 2.1.8
CVE-2018-5670
High 7.5
2018-06-13< 2.2.3
CVE-2018-10363