8 matches found
CVE-2025-12842
The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslotapptemail AJAX action. This makes it possible for unauthenticated attackers to send appointment...
EUVD-2025-198105
The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslotapptemail AJAX action. This makes it possible for unauthenticated attackers to send appointment...
CVE-2025-12842
CVE-2025-12842 concerns the WordPress Booking Plugin for Appointments – Time Slot (timeslot) plugin. The vulnerability is an unauthenticated arbitrary email-sending flaw caused by missing validation on the tslot_appt_email AJAX action, allowing attackers to compose and send emails to arbitrary re...
WordPress Booking Plugin for WordPress Appointments – Time Slot plugin <= 1.4.7 - Unauthenticated Arbitrary Email Sending vulnerability
Unauthenticated Arbitrary Email Sending vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Time Slot versions = 1.4.7...
CVE-2024-50418 WordPress Time Slot plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Time Slot Booking Time Slot timeslot allows DOM-Based XSS.This issue affects Time Slot: from n/a through = 1.3.6...
WordPress plugin Time Slot 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Time Slot plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin Time Slot versions = 1.3.6...
WordPress Time Slot Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)
Software Time Slot Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50418 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f8e4da1ec940 Credits Khalid Yusuf Required privilege Contributor...