28 Sep 2023

Hacker Targeted WordPress Plugin Booking Calendar Contains Vulnerability That Exposes Customer Data

On one of our websites and in third-party data we monitor, we saw what appeared to be a hacker probing for usage of the WordPress plugin Booking Calendar today. In the past year, a serious vulnerability and lesser security issues were fixed in the plugin. Those could possibly explain a hacker’s interest in the plugin, especially the serious vulnerability. To make sure there wasn’t something still in the plugin that might be targeted, we did a quick check of the plugin for security issues that are commonly targeted by hackers. What we found was that the plugin still lacks basic security, and that at least allows a hacker to easily gain access to all the customer data submitted through the plugin.

We would recommend avoiding the plugin unless a thorough security review, like the ones we do, is done and all the issues found are addressed. [Read more]

1 Feb 2018

What Happened With WordPress Plugin Vulnerabilities in January 2018

If you want the best information, and therefore the best protection, against vulnerabilities in WordPress plugins, we provide that through our service.

Here is what we did to keep those already using our service secure from WordPress plugin vulnerabilities during January (and what you have been missing out on if you haven’t signed up yet): [Read more]

2 Jan 2018

What Happened With WordPress Plugin Vulnerabilities in December 2017

If you want the best information, and therefore the best protection, against vulnerabilities in WordPress plugins, we provide that through our service.

Here is what we did to keep those already using our service secure from WordPress plugin vulnerabilities during December (and what you have been missing out on if you haven’t signed up yet): [Read more]

12 Oct 2017

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Booking Calendar

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability, and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on it.


[Read more]

26 Apr 2017

Vulnerability Details: Local File Inclusion (LFI) Vulnerability in Booking Calendar

From time to time vulnerabilities are fixed in plugins without someone putting out a report on the vulnerability, and we will put out a post detailing the vulnerability. While putting out the details of the vulnerability increases the chances of it being exploited, it can also help to identify vulnerabilities that haven’t been fully fixed (in some cases not fixed at all) and help to identify additional vulnerabilities in the plugin.


[Read more]