3 matches found
CVE-2026-1856
The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1856
Summary: CVE-2026-1856 affects the WordPress plugin “Appointment Booking Calendar” (Creavi Booking Service)
PT-2024-22818 · Unknown · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms versions prior to 3.8.1 Description: The issue is related to a cross-site scripting vulnerability in custom fields for labels. If exploited, an arbitrary script may be executed on the web browser of the user accessing the website...