Lucene search
K

35 matches found

Patchstack
Patchstack
added 2024/10/15 8:51 p.m.7 views

WordPress Appointment Booking Calendar plugin <= - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jeewan Kumar Bhatta in WordPress Plugin Simply Schedule Appointments versions = 1.6.7.53...

4.8CVSS5.7AI score0.00358EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/07/10 1:48 p.m.5 views

WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Booking Ultra Pro versions = 1.1.13...

6.5CVSS6.1AI score0.0032EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/03/04 12:0 a.m.13 views

WordPress Easy!Appointments Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Easy!Appointments Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0698 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1c6efbf20ae Credits wesley wcraft Required...

6.4CVSS5.7AI score0.00408EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/28 11:28 a.m.6 views

CVE-2023-50851 WordPress Simply Schedule Appointments Plugin < 1.6.6.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin.This issue affects Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: from n/a before...

7.6CVSS7.9AI score0.00534EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/08/24 12:0 a.m.5 views

WordPress plugin Booking Ultra Pro Appointments Booking Calendar Plugin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1CVSS6.8AI score0.00379EPSS
Exploits0References2
OSV
OSV
added 2023/07/17 4:15 p.m.5 views

CVE-2022-36424

Cross-Site Request Forgery CSRF vulnerability in Nikola Loncar Easy Appointments plugin = 3.11.9 versions...

8.8CVSS5.8AI score0.00256EPSS
Exploits0References1
Prion
Prion
added 2023/07/17 4:15 p.m.14 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Nikola Loncar Easy Appointments plugin = 3.11.9 versions...

6.8CVSS8.7AI score0.00256EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/17 3:12 p.m.42 views

CVE-2022-36424

CVE-2022-36424 documents a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Easy Appointments, affecting versions up to and including 3.11.9. The issue, caused by insufficient CSRF protection for multiple AJAX actions, could allow an attacker to trigger unintended actions o...

8.8CVSS6.5AI score0.00256EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.22 views

MStore API < 3.9.8 - Unauthenticated Blind SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointment...

9.8CVSS9.8AI score0.05505EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/24 12:0 a.m.5 views

PT-2023-15059 · Unknown · Booking Ultra Pro Appointments Booking Calendar Plugin

Name of the Vulnerable Software and Affected Versions: Booking Ultra Pro Appointments Booking Calendar Plugin versions = 1.1.4 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing...

8.8CVSS8.7AI score0.00256EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/05/05 12:0 a.m.12 views

WordPress Easy Appointments Plugin <= 3.11.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software Easy Appointments Type Plugin Vulnerable versions = 3.11.9 Fixed in 3.11.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-36424 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7ad0fdcdf557 Credits István Márton...

8.8CVSS6.6AI score0.00256EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/23 2:31 p.m.7 views

CVE-2022-4668 Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode

The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

6.1AI score0.00471EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2017/11/13 12:0 a.m.32 views

WordPress Appointments 2.2.2.2 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Appointments Plugin 2.2.2.2 Appointments Plugin is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary...

7.1AI score
Exploits0
Patchstack
Patchstack
added 2017/10/03 12:0 a.m.8 views

WordPress Appointments plugin <=2.2.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability found by Matt Barry WordFence in WordPress Appointments plugin versions =2.2.1. Solution Update the WordPress Appointments plugin to the latest available version at least 2.2.2...

2.9AI score
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2017/10/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2017-20206

The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the wpmudevappointments cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting...

9.8CVSS5.8AI score0.0067EPSS
Exploits0References1
Rows per page
Query Builder