518 matches found
CVE-2024-0698 Easy!Appointments <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyappointments' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-0698
Summary: CVE-2024-0698 affects the Easy!Appointments WordPress plugin. The vulnerability is a stored XSS in shortcode handling due to insufficient input sanitization and output escaping on user-supplied attributes in all versions up to 1.3.1. Exploitation requires contributor-level (or higher) au...
WordPress Easy!Appointments Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Easy!Appointments; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: 1.3.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0698; Patch priority: Low; CVSS severity: Low 6.5; PSID: f1c6efbf20ae; Credits: wesley wcraft; Required...
CVE-2023-6808 Booking for Appointments and Events Calendar – Amelia <= 1.0.93 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
WordPress plugin Booking for Appointments and Events Calendar security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
Booking for Appointments and Events Calendar – Amelia < 1.0.94 - Contributor+ Stored Cross-Site Scripting via shortcode
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WordPress Booking for Appointments and Events Calendar - Amelia Plugin < 1.0.86 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tms-outsource:amelia"; if description...
CVE-2023-50851
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin. This issue affects Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: from n/a before...
CVE-2023-50851
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin. This issue affects Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: from n/a before...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin. This issue affects Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: from n/a before...
CVE-2023-50851 WordPress Simply Schedule Appointments Plugin < 1.6.6.1 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin. This issue affects Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: from n/a before...
CVE-2023-50851
CVE-2023-50851 affects the WordPress plugin “Appointment Booking Calendar — Simply Schedule Appointments” and is an Authenticated SQL Injection vulnerability. The issue exists in versions prior to 1.6.6.1 (reports show a patched state in 1.6.5.27; official wording indicates remediation by 1.6.6.1...
CVE-2023-50860
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS. This issue affects Booking for Appointments and Events Calendar – Amelia: from n/a through 1.0.85...
Cross site scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS. This issue affects Booking for Appointments and Events Calendar – Amelia: from n/a through 1.0.85...
CVE-2023-50860 WordPress Amelia Plugin <= 1.0.85 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS. This issue affects Booking for Appointments and Events Calendar – Amelia: from n/a through 1.0.85...
CVE-2023-50860
CVE-2023-50860 is a Stored XSS in the Booking for Appointments and Events Calendar – Amelia plugin for WordPress, affecting Amelia Booking versions up to 1.0.85. The vulnerability arises from improper neutralization of input during web page generation, allowing malicious input to be reflected and...
WordPress Plugin Booking for Appointments and Events Calendar Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-31693 · Unknown · Tms Booking For Appointments/Events Calendar – Amelia
Name of the Vulnerable Software and Affected Versions: TMS Booking for Appointments and Events Calendar – Amelia versions 1.0 through 1.0.85. Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting (XSS). This means...
WordPress Simply Schedule Appointments Plugin < 1.6.6.1 is vulnerable to SQL Injection
Software: Simply Schedule Appointments; Type: Plugin; Vulnerable versions: < 1.6.6.1; Fixed in: 1.6.6.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50851; Patch priority: Low; CVSS severity: Low 7.6; PSID: a0f5e904e5c2; Credits: Muhammad Daffa; Required privilege...
Cyberattack hits 5 hospitals
Canadian health service provider TransForm has published an update about the cyberattack at its member hospitals. TransForm is a not-for-profit, shared service organization founded by the five hospitals in Erie St. Clair to manage their hospital IT, supply chain, and accounts payable needs. The...