Lucene search
+L

122 matches found

CVE
CVE
added 2024/06/09 12:11 p.m.64 views

CVE-2024-33543

CVE-2024-33543 is a Missing Authorization vulnerability in the CodePeople WP Time Slots Booking Form plugin, affecting WordPress WP Time Slots Booking Form versions up to 1.2.06 (vendor: CodePeople). The issue enables unauthorized access due to broken access control as described in the CVE entry....

7.5CVSS7.5AI score0.00417EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/09 12:11 p.m.20 views

CVE-2024-33543 WordPress WP Time Slots Booking Form plugin <= 1.2.06 - Broken Access Control vulnerability

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06...

7.5CVSS6.9AI score0.00417EPSS
Exploits0References1
NVD
NVD
added 2024/06/08 1:15 p.m.29 views

CVE-2024-35734

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10...

7.1CVSS0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/08 12:0 a.m.4 views

PT-2024-26686 · Codepeople · Codepeople Wp Time Slots Booking Form

Name of the Vulnerable Software and Affected Versions: CodePeople WP Time Slots Booking Form versions n/a through 1.2.10 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, which can ...

7.1CVSS6.1AI score0.00308EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/06/08 12:0 a.m.5 views

WordPress plugin WP Time Slots Booking Form Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS6.2AI score0.00308EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/06/06 1:31 p.m.7 views

WordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin WP Time Slots Booking Form versions = 1.2.11...

9.8CVSS7AI score0.00402EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/06 1:29 p.m.4 views

WordPress WP Time Slots Booking Form plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin WP Time Slots Booking Form versions = 1.2.10...

7.1CVSS6.1AI score0.00308EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/06 12:0 a.m.19 views

WordPress WP Time Slots Booking Form Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)

Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.2.10 Fixed in 1.2.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35734 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 153040c885cf Credits Manab Jyoti Dowarah...

7.1CVSS6.5AI score0.00308EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/06/06 12:0 a.m.19 views

WordPress WP Time Slots Booking Form Plugin <= 1.2.11 is vulnerable to Broken Access Control

Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.2.11 Fixed in 1.2.12 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35735 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 00d0e255c1a4 Credits Manab Jyoti...

9.8CVSS6.6AI score0.00402EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/01/17 6:15 p.m.6 views

CVE-2022-41790

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76...

8.8CVSS5.8AI score0.00466EPSS
Exploits0References1
Prion
Prion
added 2024/01/17 6:15 p.m.22 views

Authorization

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76...

6.5CVSS7.2AI score0.00466EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/01/17 6:13 p.m.44 views

CVE-2022-41790

WP Time Slots Booking Form (WordPress plugin) versions ≤ 1.1.76 contain a Missing Authorization vulnerability affecting the Feedback Submission flow. Root cause: missing authorization checks allow submitting feedback without proper privileges. CVSS v3.1 base score reported as 4.3 (Medium) in Patc...

8.8CVSS8AI score0.00466EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/01/17 6:13 p.m.38 views

CVE-2022-41790 WordPress WP Time Slots Booking Form Plugin <= 1.1.76 is vulnerable to Broken Access Control

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76...

4.3CVSS8.9AI score0.00466EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.7 views

PT-2023-29899 · WordPress · Booking Calendar

Name of the Vulnerable Software and Affected Versions: Booking Calendar WordPress plugin versions prior to 9.7.3.1 Description: The issue allows unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators due to the plugin's failure to sanitize and escape some of i...

6.1CVSS6.2AI score0.00475EPSS
Exploits2References6
wpexploit
wpexploit
added 2023/09/11 12:0 a.m.135 views

Booking Calendar < 9.7.3.1 - Unauthenticated Stored XSS

Description The plugin does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators As an unauthenticated user, submit a booking form such form can be added via the Booking Calendar Block on a...

6.1CVSS6AI score0.00475EPSS
Exploits2
OSV
OSV
added 2023/04/06 6:15 a.m.6 views

CVE-2023-23971

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in CodePeople WP Time Slots Booking Form plugin = 1.1.81 versions...

4.8CVSS5.8AI score0.00392EPSS
Exploits0References1
CVE
CVE
added 2023/04/06 5:4 a.m.44 views

CVE-2023-23971

Summary: CVE-2023-23971 affects the CodePeople WP Time Slots Booking Form WordPress plugin (versions ≤ 1.1.81). The root cause is an authenticated stored XSS due to insufficient sanitization/escaping in plugin settings, enabling an admin+ user to inject scripts that could be executed by other use...

5.9CVSS4.9AI score0.00392EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/04/06 12:0 a.m.6 views

WordPress plugin WP Time Slots Booking Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.9CVSS5AI score0.00392EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/02/28 12:0 a.m.14 views

WordPress WP Time Slots Booking Form Plugin <= 1.1.76 is vulnerable to Broken Access Control

Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.1.76 Fixed in 1.1.77 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-41790 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5e92c19f0383 Credits István Márton...

8.8CVSS6.9AI score0.00466EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/01/20 12:0 a.m.10 views

WordPress WP Time Slots Booking Form Plugin <= 1.1.82 is vulnerable to Broken Access Control

Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.1.82 Fixed in 1.1.83 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23895 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 9da0396d6743 Credits yuyudhn Required...

6.5AI score0.00691EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder