Medium 5.3 Unfixed
2026-04-08≤ 2.9.9.6.5
CVE-2026-39678
Pinpoint Booking System – Version 2
Minimum safe version
2.9.9.6.0
Update to 2.9.9.6.0 or later to address 16 fixable vulnerabilities
Latest available2.9.9.6.7 ✓⚠ 1 vulnerability has no fix
Medium 6.5
2025-02-21< 2.9.9.6.0
Pinpoint Booking System – #1 WordPress Booking Plugin <= 2.9.9.5.4 - Authenticated (Subscriber+) SQL Injection
Medium 6.3
2024-12-13< 2.9.9.5.8
CVE-2024-54252
High 8.5
2024-12-06< 2.9.9.5.2
CVE-2024-53815
Medium 5.4
2024-10-17< 2.9.9.5.8
CVE-2024-49304
Medium 6.5
2024-09-09< 2.9.9.5.1
WordPress Pinpoint Booking System Plugin <= 2.9.9.5.0 is vulnerable to SQL Injection
Medium 5.4
2024-08-05< 2.9.9.4.8
CVE-2024-3636
Medium 4.3
2023-10-13< 2.9.9.4.1
CVE-2023-45270
Medium 6.5
2024-06-04< 2.9.9.3.5
CVE-2023-38520
Medium 5.9
2023-04-06< 2.9.9.2.9
CVE-2023-25062
High 8.8
2023-02-13< 2.9.9.2.9
CVE-2023-0220
N/A
2013-07-04< 1.4
Pinpoint Booking System – #1 WordPress Booking Plugin <= 1.3.1 - Reflected Cross-Site Scripting
N/A
< 1.4
Booking System - Reflected Cross-Site Scripting (XSS)
N/A
2015-07-07< 2.1
WordPress Booking System Plugin <= 2.0 - Blind SQL Injection
N/A
2015-11-24< 1.4
WordPress Booking System Plugin <= 1.3 - Cross Site Scripting
N/A
2023-05-21< 1.4
WordPress Pinpoint Booking System Plugin <= 1.3 is vulnerable to SQL Injection
High 8.8
2019-10-10< 2.1
CVE-2015-9460