The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NDwbooster Appointment Hour Booking
APPDwbooster< 1.3.17
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
Related vulnerabilities
CVE-2022-4035HIGH7.2ten sam produkt
The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general...
CVE-2022-4034MEDIUM5.8ten sam produkt
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and includ...
CVE-2022-4036MEDIUM5.3ten sam produkt
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and inclu...
CVE-2022-41692MEDIUM4.3ten sam produkt
Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.
CVE-2022-1710MEDIUM4.8ten sam produkt
The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Cal...