3 matches found
CVE-2022-0389
The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0389 WP Time Slots Booking Form < 1.1.63 - Admin+ Stored Cross-Site Scripting
The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0389
CVE-2022-0389 affects the WP Time Slots Booking Form WordPress plugin (versions before 1.1.63). The issue arises because the plugin does not sanitise/escape calendar names, enabling stored Cross-Site Scripting (XSS) by high-privilege users, even when unfiltered_html is disallowed. Public reports ...