Known Vulnerabilities for Pinpoint Booking System by Pinpoint
Listed below are 5 of the newest known vulnerabilities associated with "Pinpoint Booking System" by "Pinpoint".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39678 json | Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Config... | Not Provided | 2026-04-08 | 2026-04-29 |
| CVE-2024-54252 json | Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Config... | Not Provided | 2024-12-13 | 2026-04-23 |
| CVE-2024-53815 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DOTonPAPER Pinpoint Boo... | Not Provided | 2024-12-06 | 2026-04-23 |
| CVE-2024-49304 json | Cross-Site Request Forgery (CSRF) vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Stored XSS.This i... | Not Provided | 2024-10-17 | 2026-04-23 |
| CVE-2024-13235 json | The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'lang... | Not Provided | 2025-02-21 | 2026-04-08 |
| CVE-2023-45270 json | Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions. | 8.8 - HIGH | 2023-10-13 | 2023-10-18 |
| CVE-2023-25062 json | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 ... | 4.8 - MEDIUM | 2023-04-06 | 2023-11-07 |
| CVE-2023-0220 json | The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes be... | 8.8 - HIGH | 2023-02-13 | 2023-11-07 |
| CVE-2015-9460 json | The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language param... | 8.8 - HIGH | 2019-10-10 | 2019-10-15 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pinpoint | Pinpoint Booking System | 2.9.3 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.9.2 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.9.1 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.9.0 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.8.9 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.8.8 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.8.7 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.8.6 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.8.5 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.8.4 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.8.3 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.8.2 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.8.1 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.8.0 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.7.9 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.7.8 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.7.7 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.7.6 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.7.5 | |||
| Application | Pinpoint | Pinpoint Booking System | 2.7.4 |