35 matches found
WordPress Appointment Booking Calendar plugin <= - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jeewan Kumar Bhatta in WordPress Plugin Simply Schedule Appointments versions = 1.6.7.53...
WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.13 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Booking Ultra Pro versions = 1.1.13...
WordPress Easy!Appointments Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Easy!Appointments Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0698 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1c6efbf20ae Credits wesley wcraft Required...
CVE-2023-50851 WordPress Simply Schedule Appointments Plugin < 1.6.6.1 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin.This issue affects Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: from n/a before...
WordPress plugin Booking Ultra Pro Appointments Booking Calendar Plugin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2022-36424
Cross-Site Request Forgery CSRF vulnerability in Nikola Loncar Easy Appointments plugin = 3.11.9 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Nikola Loncar Easy Appointments plugin = 3.11.9 versions...
CVE-2022-36424
CVE-2022-36424 documents a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Easy Appointments, affecting versions up to and including 3.11.9. The issue, caused by insufficient CSRF protection for multiple AJAX actions, could allow an attacker to trigger unintended actions o...
MStore API < 3.9.8 - Unauthenticated Blind SQLi
The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointment...
PT-2023-15059 · Unknown · Booking Ultra Pro Appointments Booking Calendar Plugin
Name of the Vulnerable Software and Affected Versions: Booking Ultra Pro Appointments Booking Calendar Plugin versions = 1.1.4 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing...
WordPress Easy Appointments Plugin <= 3.11.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software Easy Appointments Type Plugin Vulnerable versions = 3.11.9 Fixed in 3.11.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-36424 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7ad0fdcdf557 Credits István Márton...
CVE-2022-4668 Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode
The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
WordPress Appointments 2.2.2.2 Cross Site Scripting
Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Appointments Plugin 2.2.2.2 Appointments Plugin is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary...
WordPress Appointments plugin <=2.2.1 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability found by Matt Barry WordFence in WordPress Appointments plugin versions =2.2.1. Solution Update the WordPress Appointments plugin to the latest available version at least 2.2.2...
VulnCheck KEV: CVE-2017-20206
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the wpmudevappointments cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting...