5 matches found
EUVD-2025-1902
Malicious code in bioql PyPI...
CVE-2025-0862
The SuperSaaS – online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘after’ parameter in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2025-0862 SuperSaaS – online appointment scheduling <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via after Parameter
The SuperSaaS – online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘after’ parameter in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2025-0862
CVE-2025-0862 describes a stored cross-site scripting flaw in the WordPress plugin SuperSaaS – online appointment scheduling . Affected versions up to and including 2.1.12 allow an authenticated attacker with Contributor+ privileges to inject arbitrary scripts via the after parameter, which execu...
WordPress SuperSaaS – online appointment scheduling plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin SuperSaaS – online appointment scheduling versions = 2.1.9...