CVE-2025-62934

Cross-Site Request Forgery CSRF vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through = 1.4...

EUVD-2025-36007

Cross-Site Request Forgery CSRF vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through = 1.4...

CVE-2025-62934

Cross-Site Request Forgery CSRF vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through = 1.4...

CVE-2025-62934 WordPress WP Business Hours plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through = 1.4...

CVE-2025-62934

CVE-2025-62934 is a CSRF vulnerability in the WordPress plugin WP Business Hours (wp-business-hours) &lt;= 1.4 that enables stored XSS. Public sources consistently describe CSRF leading to stored XSS across multiple trackers (NVD, Red Hat, ENISA EUVD, CVE list, Patchstack, Wordfence). The descrip...

CVE-2025-62934 WordPress WP Business Hours plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through = 1.4...

WordPress plugin WP Business Hours 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

PT-2025-43810

Cross-Site Request Forgery CSRF vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through = 1.4...

WordPress WP Business Hours plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WP Business Hours versions = 1.4...

CVE-2024-6175

The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions called via AJAX like savefieldssettings, bupdeleteuseravatar, bupcropavataruserprofileimage, and more in a...

CVE-2024-6175

The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions called via AJAX like savefieldssettings, bupdeleteuseravatar, bupcropavataruserprofileimage, and more in a...

PT-2024-37434 · WordPress · Booking Ultra Pro Appointments Booking Calendar Plugin

Name of the Vulnerable Software and Affected Versions: The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress versions up to, and including, 1.1.13 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify and delete multiple...

CVE-2021-24593

The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue...

CVE-2021-24593 Business Hours Indicator < 2.3.5 - Authenticated Stored XSS

The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue...

CVE-2021-24593

CVE-2021-24593 affects the WordPress plugin Business Hours Indicator prior to version 2.3.5. The vulnerability is an Authenticated Stored Cross-Site Scripting (XSS) caused by the plugin not sanitising or escaping the 'Now closed message' setting in both backend and frontend outputs. Impact is sto...

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Business Hours Indicator prior t...

WordPress Business Hours Indicator plugin <= 2.3.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Business Hours Indicator plugin versions = 2.3.4. Solution Update the WordPress Business Hours Indicator plugin to the latest available version at least 2.3.5...

Business Hours Indicator < 2.3.5 - Authenticated Stored XSS

The plugin does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue Put the following payload in the "Now closed message" setting and save them: alert/XSS/ Then refresh the setting...

Business Hours Indicator < 2.3.5 - Authenticated Stored XSS

The plugin does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue PoC Put the following payload in the "Now closed message" setting and save them: Then refresh the setting page, or ...

WordPress code issue vulnerability (CNVD-2021-44308)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in Business Hours Pro WordPress plugin version 5.5.0 and prior...