Medium 6.4
2025-08-28< 10.14.2
Booking Calendar <= 10.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Booking Calendar
Minimum safe version
10.14.16
Update to 10.14.16 or later to address 40 fixable vulnerabilities
Latest available11.0 ✓Affected up to7.1 ⚠
N/A
2026-02-17< 10.14.15
Booking Calendar <= 10.14.14 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification
Medium 5.3
2026-01-31< 10.14.14
Booking Calendar <= 10.14.13 - Missing Authorization to Unauthenticated Booking Details Exposure
High 7.6
2026-03-13< 10.14.16
CVE-2026-32358
Medium 4.3
2026-01-16< 10.14.12
CVE-2025-14982
Medium 5.3
2026-01-09< 10.14.11
CVE-2025-14146
High 7.5
2025-12-15< 10.14.9
CVE-2025-14383
Medium 6.4
2025-12-05< 10.14.7
CVE-2025-12804
Medium 6.5
2025-11-13< 10.14.8
CVE-2025-64381
Medium 6.4
2025-05-17< 10.11.2
Booking Calendar <= 10.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpbc Shortcode
Medium 5.3
2025-02-12< 10.10.1
CVE-2024-13821
Medium 6.4
2025-01-14< 10.9.3
CVE-2024-13323
Medium 4.8
2024-12-03< 10.6.5
CVE-2024-10893
Medium 4.8
2024-11-07< 10.6.3
CVE-2024-10027
Medium 4.8
2024-10-04< 10.6.1
CVE-2024-9306
Medium 6.1
2024-08-30< 10.5.1
CVE-2024-8274
Medium 5.4
2024-07-24< 10.2.2
CVE-2024-6930
Critical 9.8
2024-02-08< 9.9.1
CVE-2024-1207
Medium 6.5
2024-12-27< 9.7.4
WordPress Booking Calendar Plugin < 9.7.4 is vulnerable to Cross Site Scripting (XSS)
N/A
2023-09-25< 9.7.4
Booking Calendar <= 9.7.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Medium 6.1
2023-10-17< 9.7.3.1
WordPress Booking Calendar Plugin <= 9.7.3 is vulnerable to Cross Site Scripting (XSS)
N/A
2023-08-01< 6.2.1
WordPress Booking Calendar Plugin <= 6.2 is vulnerable to Cross Site Scripting (XSS)
N/A
2023-07-14< 6.2.1
WordPress Booking Calendar Plugin <= 6.2 is vulnerable to SQL Injection
N/A
2016-07-14< 6.2.1
WordPress Booking Calendar Plugin 6.2 - SQL Injection
N/A
2016-08-01< 6.2.1
WordPress Booking Calendar Plugin <= 6.2 - Reflected Cross Site Scripting
High 7.6
2024-03-26< 9.4.3.1
CVE-2023-23991
N/A
2014-08-01< 4.1.6
Booking Calendar < 4.1.6 - Cross-Site Request Forgery
N/A
2016-08-01< 6.2.1
Booking Calendar <= 6.2 - Authenticated (Editor+) SQL Injection
N/A
2016-08-01< 6.2.1
Booking Calendar <= 6.2 - Cross-Site Request Forgery to SQL Injection
N/A
2016-08-01< 6.2.1
Booking Calendar <= 6.2 - Cross-Site Request Forgery leading to Cross-Site Scripting
N/A
< 4.1.6
Booking Calendar <= 4.1.5 - Cross-Site Request Forgery (CSRF)
N/A
< 6.2.1
Booking Calendar <= 6.2 - SQL Injection
N/A
< 6.2.1
Booking Calendar <= 6.2 - Reflected Cross-Site Scripting (XSS)
Medium 5.4
2022-09-06< 9.2.2
CVE-2022-33177
N/A
2014-08-01< 4.1.6
WordPress Booking Calendar plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability
N/A
2016-08-01< 6.2.1
WordPress Booking Calendar plugin <= 6.2 - SQL Injection (SQLi) vulnerability
N/A
2016-08-01< 6.2.1
WordPress Booking Calendar plugin <= 6.2 - Reflected Cross-Site Scripting (XSS) vulnerability
High 8.8
2022-05-10< 9.1.1
CVE-2022-1463
Medium 6.1
2017-04-28≤ 7.1
CVE-2017-2151
Medium 5.3
2017-04-28≤ 7.0
CVE-2017-2150
High 8.8
2019-03-18< 8.4.5.15
CVE-2018-20556
Medium 6.1
2022-01-03< 8.9.2
CVE-2021-25040