5 matches found
CVE-2025-12842
The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslotapptemail AJAX action. This makes it possible for unauthenticated attackers to send appointment...
CVE-2025-12842 Booking Plugin for WordPress Appointments – Time Slot <= 1.4.7 - Unauthenticated Arbitrary Email Sending
The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslotapptemail AJAX action. This makes it possible for unauthenticated attackers to send appointment...
CVE-2025-12842 Booking Plugin for WordPress Appointments – Time Slot <= 1.4.7 - Unauthenticated Arbitrary Email Sending
The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslotapptemail AJAX action. This makes it possible for unauthenticated attackers to send appointment...
CVE-2024-50418 WordPress Time Slot plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Time Slot Booking Time Slot timeslot allows DOM-Based XSS.This issue affects Time Slot: from n/a through = 1.3.6...
Unauthorized Extension Of Token Validity
simplesamlphp is vulnerable to having a token's validity period extended by an unauthorized party. The vulnerability is possible because there is a flaw in the calculateTokenValue function in TimeLimitedToken.php. The flaw allows an attacker to extend the prepended offset as much as needed to hit...