122 matches found
CVE-2024-33543
CVE-2024-33543 is a Missing Authorization vulnerability in the CodePeople WP Time Slots Booking Form plugin, affecting WordPress WP Time Slots Booking Form versions up to 1.2.06 (vendor: CodePeople). The issue enables unauthorized access due to broken access control as described in the CVE entry....
CVE-2024-33543 WordPress WP Time Slots Booking Form plugin <= 1.2.06 - Broken Access Control vulnerability
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06...
CVE-2024-35734
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10...
PT-2024-26686 · Codepeople · Codepeople Wp Time Slots Booking Form
Name of the Vulnerable Software and Affected Versions: CodePeople WP Time Slots Booking Form versions n/a through 1.2.10 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, which can ...
WordPress plugin WP Time Slots Booking Form Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin WP Time Slots Booking Form versions = 1.2.11...
WordPress WP Time Slots Booking Form plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin WP Time Slots Booking Form versions = 1.2.10...
WordPress WP Time Slots Booking Form Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)
Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.2.10 Fixed in 1.2.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35734 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 153040c885cf Credits Manab Jyoti Dowarah...
WordPress WP Time Slots Booking Form Plugin <= 1.2.11 is vulnerable to Broken Access Control
Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.2.11 Fixed in 1.2.12 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35735 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 00d0e255c1a4 Credits Manab Jyoti...
CVE-2022-41790
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76...
Authorization
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76...
CVE-2022-41790
WP Time Slots Booking Form (WordPress plugin) versions ≤ 1.1.76 contain a Missing Authorization vulnerability affecting the Feedback Submission flow. Root cause: missing authorization checks allow submitting feedback without proper privileges. CVSS v3.1 base score reported as 4.3 (Medium) in Patc...
CVE-2022-41790 WordPress WP Time Slots Booking Form Plugin <= 1.1.76 is vulnerable to Broken Access Control
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76...
PT-2023-29899 · WordPress · Booking Calendar
Name of the Vulnerable Software and Affected Versions: Booking Calendar WordPress plugin versions prior to 9.7.3.1 Description: The issue allows unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators due to the plugin's failure to sanitize and escape some of i...
Booking Calendar < 9.7.3.1 - Unauthenticated Stored XSS
Description The plugin does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators As an unauthenticated user, submit a booking form such form can be added via the Booking Calendar Block on a...
CVE-2023-23971
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in CodePeople WP Time Slots Booking Form plugin = 1.1.81 versions...
CVE-2023-23971
Summary: CVE-2023-23971 affects the CodePeople WP Time Slots Booking Form WordPress plugin (versions ≤ 1.1.81). The root cause is an authenticated stored XSS due to insufficient sanitization/escaping in plugin settings, enabling an admin+ user to inject scripts that could be executed by other use...
WordPress plugin WP Time Slots Booking Form 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress WP Time Slots Booking Form Plugin <= 1.1.76 is vulnerable to Broken Access Control
Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.1.76 Fixed in 1.1.77 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-41790 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5e92c19f0383 Credits István Márton...
WordPress WP Time Slots Booking Form Plugin <= 1.1.82 is vulnerable to Broken Access Control
Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.1.82 Fixed in 1.1.83 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23895 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 9da0396d6743 Credits yuyudhn Required...