CVE-2019-12239: WP Booking System – Booking Calendar

The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.


The booking calendar plugin for WordPress. WP Booking System is used by more than 9,000 active users, with a satisfaction rate that borders on 5*!

Is this booking calendar for you?

  • Do you rent something out, like a holiday home, a boat or something else?
  • Do you have a WordPress website and need a bit of help to keep track of your rentals through a booking calendar?

…then yes! The WP Booking System is perfect for your needs.

Get easy online booking with this lightweight and powerful booking system.

A set-and-forget booking calendar for your rental business

WP Booking System is a simple booking calendar for WordPress. You will be up and running in just a few minutes. You can create booking calendars and forms, and you can manage your bookings. You can easily customize the booking calendar to fit your needs.

Start receiving bookings from your visitors today!

Display available dates in your booking calendar

With just one click you can create the first booking calendar for your holiday home or rental business. Already have bookings made? You can manually manage the calendar’s availability in just a few seconds.

Now your booking calendar is up to date with the latest bookings and available dates!

Create a form and enable clients to make bookings online

The beauty of this WordPress booking calendar is that it allows your website visitors to book available calendar dates on the spot through a fully customizable booking calendar form.

Enable your clients to use the rental calendar fast and easy. In just three simple steps, clients will be able to reserve a slot on your booking calendar:

  • Hover over the booking calendar to pick a starting date. Click on it, then move the cursor to select the number of days to book. (clients can easily see booked days by using the booking system legend)
  • Next, fill in the booking system form (you can edit the form fields at any time to make sure clients submit the most relevant information you need; mark fields as compulsory or optional)
  • Finally, click the booking button to make a reservation.

With the premium version of the booking system, you can allow customers to make online bookings using the top payment platforms available at the moment!

You can review and manage calendar bookings from the back-end, so you are always in control. You can even set up automatic calendar notifications so you will receive an email when a booking is made. Now you’re all set to receive online bookings through your booking calendar.

Receive and manage bookings

All your bookings are saved in your rental calendar and are beautifully displayed so you can easily access them and view the booking details.

Features of the Free version:

  • Create your own booking system: a booking calendar and a booking form!
  • Receive and manage bookings
  • Save extra booking information
  • Generate a shortcode to insert the booking calendar and booking form into a page or post
  • Use the Gutenberg block to embed the booking calendar
  • WP Booking System Widget
  • The booking calendar supports multiple languages

EXTRA FEATURES OF THE PREMIUM BOOKING CALENDAR VERSION:

  • The booking system can accept online and offline payments
  • iCalendar Sync, Import and Export
  • Create an unlimited number of booking calendars
  • Create an unlimited number of booking forms
  • Create your own rental calendar legend: apply your own colors and text
  • Split days selection
  • Display multiple months
  • Change the first day of the week
  • Change the start month / year
  • Display an overview reservation calendar
  • Edit multiple dates with just one click
  • Display tooltips with extra info
  • Hide calendar bookings from the past from your visitors
  • Set the minimum number of days that the visitor must book
  • Show the week’s number on the booking calendar
  • Automatically block booked days directly
  • Send booking notifications
  • User management within the booking system
  • Very easy to translate into any language
  • Professional support for any question related to the booking calendar
  • Download the Premium version at: www.wpbookingsystem.com

This WP Booking Calendar Plugin is for…

Any rental business should use the WP Booking Calendar plugin to keep track of their rental calendar throughout the year.

  • Property rentals: bed & breakfast, hotels, hotel rooms, cottages, apartments, houses, apartment rooms (use WP Booking System even when you are renting through AirBNB, Booking.com etc.)
  • Boat rentals
  • Car & motorcycle rentals
  • Sports equipment rentals (full day ski equipment rental, bike rentals, skates rentals etc)
  • Events rentals (full day trainings/courses, parties, weddings, baptisms, corporate events, business meetings, conferences etc)
  • Speakers, singers, photographers, videographers, inspectors can also benefit from using WP Booking system

The booking system will soon become an indispensable tool in your business, and you will find yourself using it daily to manage reservations in your calendar.

How the booking calendar helps your clients

  • Clients can make calendar bookings online, by accessing your website
  • No need to call to make a reservation
  • They can see the available calendar dates and manage their schedule to make a booking
  • They can make simple and fast bookings from the comfort of their own home, directly from their mobile phones

Key booking system benefits for your business

  • Collect relevant information about your clients through the booking system form (configure the rental calendar form to your needs). No need to call or collect this information at the desk.
  • Use the WP Booking System on the go, from your mobile phone. The WP Booking Calendar can be used from mobile devices with ease – simply log in to your website and make any necessary edits just like on a computer.
  • Manage bookings offline – when you meet with a client 1:1 and they want to make a future booking, simply log in to your website, access the booking calendar and make the reservation on the spot, for them.
  • Stay up to date with calendar bookings by receiving email confirmations and reminders

WP Booking System in a nutshell…

Get organised and start receiving bookings with WP booking system. With this WP plugin you can create booking calendars, booking forms and accept bookings via your website. Setting it up is really easy and you will be up and running in just a few minutes. Bookings will be clearly listed in your booking calendar and you can stay organised. The booking calendar plugin works simply and it can be translated into several languages.

This plugin provides 1 block.

  • WP Booking System - Booking Calendar

  1. Install the plugin by uploading the zip file (Plugins > Add New > Upload)
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Click on the ‘WP Booking System’ menu entry
  4. Click on ‘Add New’ at the top of the page to create a calendar
  5. To embed a calendar on a page or post, use the ‘Add Calendar’ button at that page

How can I embed the booking calendar on a page or post?

By using the ‘Add Calendar’ button above the editor, the Gutenberg module, a widget, or directly by using the shortcode. An example of the shortcode is:

[wpbs id="1" title="yes/no" legend="yes/no" language="auto" form_id="1"]

Will this booking system work for me?

We’re pretty sure about that! We made this plugin as ‘flexible’ as possible. The booking plugin works with bookings on a per day basis (no time slots). So if you rent something out on a daily basis, then the WP Booking System is a good choice.

I have another question

Please see www.wpbookingsystem.com for more information and ask your questions there!

Very good plugin, fits exactly to our needs. The most reactive and fastest support I have ever seen.

Great versatile plugin and the support is excellent.

When asking for an update to a WordPress plugin you immediately think that you won’t even get a reply but I was pleasantly surprised when Roland replied to my request saying that if they get time they will include my request. I thought that this would be the end of it but 2 weeks later when there was a plugin update, I noticed that my request had been considered and implemented. This makes my life so much easier when the people booking wish to change the boat they have booked and now that I can easily switch calendars without deleting and re-entering all the details. Many thanks and special praise to the supporter named Roland! Lucien @ Ellerbeck Narrowboats

The support from Roland is fantastic, fast and in depth. I had a requirement for an additional function, Roland was back within an hour with it added to the Pro version. Can’t recommend this plugin highly enough.

I installed this for our campsite bookings. I have tried a couple of other booking plugins but this is by far the best. Our requirements are straightforward: a single campsite that only takes one booking, but has variable nightly costs and optional additional campers. The plugin was perfect for this. Set up was a bit involved, but they all are like that. Configuration of things like notifications and payments was straightforward and clear. The Stripe integration is particularly good. I only have one criticism: when you configure manual acceptance of bookings, and then accept a booking, the relevant date statuses do not update automatically. This has to be done manually. However, I’m sure they will change that at some point. All in all a great plugin, well worth the fee and with really good support.

Plugin is working really well. Managing my bookings and syncing with Booking.com and AirBnB works like a charm. In the exceptional situation that I need some support, Roland is always available to help out. Perfect support.

Read all 248 reviews

“WP Booking System – Booking Calendar” is open source software. The following people have contributed to this plugin.

Contributors

  • Roland Murg

2.0.18.1

  • Improved: Security improvements

2.0.18

  • Fixed: Deprecated notice when activating the plugin

2.0.17

  • New: Added “Number” form field

2.0.16

  • Improved: Updated Elementor Widget

2.0.15

  • Improved: Security fix

2.0.14

  • New: Added Icelandic Language
  • New: Added Chinese Language
  • New: Added Latvian Language
  • Improved: Compatibility with WP 5.6 and TwentyTwentyone theme

2.0.13

  • Fixed: Bug with reCAPTCHA key not being included.

2.0.12

  • New: Added Indonesian language
  • Fixed: An issue with calendar not being sized properly on page load.
  • Fixed: An issue that could cause reCAPTCHA not to validate on some server configurations.

2.0.11

  • Improved: Minified CSS and JS Files.
  • Improved: Removed Duplicate HTML IDs in form editor
  • Fixed: A jQuery error that appeared in some cases when editing the form

2.0.10

  • Fixed: Backend calendar is now displayed in the correct language set in WordPress.

2.0.9

  • Improved: Compatibility changes for the new WordPress 5.4
  • Improved: Calendar dynamic sizing when resizing the viewport

2.0.8

  • Fixed: Single date selection on mobile devices

2.0.7

  • New: Added Korean language
  • Improved: Changed translation file locations
  • Improved: Minified JS file
  • Fixed: CSS display issue for Email Tags
  • Fixed: Language codes for Slovenian and Swedish
  • Fixed: Changed Czech flag

2.0.6

  • Improved: Admin Layout changes to match WP 5.3

2.0.5

  • Fixed: Widget not allowing a calendar without a form
  • Fixed: Email not allowing HTML tags

2.0.4

  • Fixed: Translation of dates sent in emails
  • Fixed: iCalendar sync delay bug
  • Improved: Calendar date selection styling

2.0.3

  • Added: Chinese Language

2.0.2

  • Fixed: iPhone and iPad bug when selecting calendar dates

2.0.1

  • Fixed: Bug that caused some emails not to be sent.

2.0.0

  • Major Rebuild
  • New: Gutenberg Module
  • Improved: Calendar Editor
  • Improved: Form Builder
  • Improved: Booking Manager
  • Improved: Calendar front-end display

1.5.2

  • Fixed Deprecated widget constructor

1.5.2

  • Security Improvements

1.5.1

  • Fixed: Issue with hovering over calendar dates.

1.5

  • Added Bulgarian language
  • Fixed Mod_Security new SQL Injection filter conflict

1.4

  • Added filters to sanitize user input to prevent cross-site scripting (XSS) and SQL injections. Thanks to JPCERT/CC for pointing us at this issue.

1.3.3

  • Fixed a small CSS issue regarding bulk edit

1.3.2

  • Fixed translation problem regarding form options (i.e. radio buttons)

1.3.1

  • The notification of unread bookings now disappears when you delete the related calendar

1.3

  • The admin panel is now fully responsive
  • Updated the Premium features list

1.2.3

  • Small tweak to support PHP 7

1.2.2

  • Hide notifications in the toolbar when the user does not have access to the corresponding page

1.2.1

  • Decode booking details before saving

1.2

  • Minor bug fixes

1.1

  • UTF-8 fix

1.0

  • Changed the version number to 1.0

0.7

  • Small CSS fixes and a language fix related to the widget

0.6

  • Second output buffer fix

0.5

  • Output buffer fix

0.4

  • Fix in booking details fields.
  • Update (elaboration): The booking notes (the content of the text fields near the editable dates in the admin panel) were shown in the source code of the page the calendar was displayed on (this content can also be indexed by Google). If you were vulnerable, your website and the booking notes may have been archived and exposed by https://archive.org, and possibly by other sites. Please ask them to delete your data if needed. Affected versions of the Free version: All versions lower than 0.4.

0.3

  • Minor fix

0.2

  • Small CSS fixes

0.1

  • First release
