5 matches found
Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Exploit Title: Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Google Dork: N/A Date: 2020-03-05 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.codepeople.net/ Software Link:...
WordPress Appointment Booking Calendar 1.3.34 CSV Injection
Exploit Title: Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Google Dork: N/A Date: 2020-03-05 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.codepeople.net/ Software Link: https://downloads.wordpress.org/plugin/appointment-booking-calendar.zip Version:...
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
Exploit Title: Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Google Dork: N/A Date: 2020-03-05 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.codepeople.net/ Software Link: https://downloads.wordpress.org/plugin/appointment-booking-calendar.zip Version:...
CVE-2020-9372
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input in fields such as Description or Name in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabcappointments.php. The attacker could achieve...
CVE-2020-9372
The CVE affects the WordPress plugin Appointment Booking Calendar prior to version 1.3.35. The vulnerability allows any user-supplied input in booking form fields (e.g., Description or Name) to be treated as a formula and exported via the CSV export in the admin bookings list, enabling remote cod...