10 matches found
CVE-2026-6937
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...
CVE-2026-6937
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...
CVE-2026-6937 Appointment Booking Calendar <= 1.6.11.8 - Missing Authorization to Unauthenticated Arbitrary Modification via Bulk Appointments REST API Endpoint
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...
CVE-2026-6937
The CVE covers the WordPress plugin Simply Schedule Appointments (Appointment Booking Calendar) with versions up to 1.6.11.8. Root cause: Missing authorization on the bulk appointments REST API endpoint, allowing unauthenticated attackers to modify arbitrary appointment records (including custome...
CVE-2024-0237
The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc...
EventON (Free < 2.2.9, Premium < 4.5.9) - Unauthenticated Virtual Event Settings Update
Description The plugins do not have authorisation and CSRF in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc To set the Meeting URL to https://attacker.com/ on the Virtual Event with ID 240: curl -X POST --da...
EventON < 2.2 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Create a new events. 2. In the "Eve...
CVE-2022-28763
The Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks...
CVE-2020-3142 Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability
A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iO...
Security update 1970-01-01
...