elbtide 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection、vendor risk cross-site scripting, and vendor risk csrf があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact session compromise and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-45824 | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. | [email protected] | 5.4 | 0.06% | 2022-12-05 | 2026-04-28 |
| CVE-2022-45822 | Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. | [email protected] | 10.0 | 0.56% | 2022-12-05 | 2024-11-21 |
| CVE-2022-1007 | The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue | [email protected] | 6.1 | 3.68% | 2022-04-11 | 2024-11-21 |
| CVE-2022-1006 | The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks | [email protected] | 7.2 | 0.59% | 2022-04-11 | 2024-11-21 |
| CVE-2022-0694 | The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection | [email protected] | 9.8 | 0.91% | 2022-03-21 | 2024-11-21 |
| CVE-2021-24232 | The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue | [email protected] | 5.4 | 0.33% | 2021-04-22 | 2024-11-21 |
| CVE-2021-24225 | The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputing it in an A tag, leading to a reflected XSS issue | [email protected] | 5.4 | 0.16% | 2021-04-12 | 2024-11-21 |