WordPress Cross-Site Scripting Vulnerability (CNVD-2020-54948)

WordPress is a blogging platform developed using the PHP language, which supports the setting up of personal blog sites on servers with PHP and MySQL. It is widely used internationally and is compatible with self-developed plugins. Powerful and widely used.Ultimate Appointment Booking & Schedulin...

CVE-2020-24313

Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "AppointmentID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially...

CVE-2020-24313

CVE-2020-24313 affects Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin (versions 1.1.9 and lower). The issue is a reflected XSS in which the GET parameter Appointment_ID is echoed back inside an input tag without sanitization, enabling attacker-controlled script via a...

CVE-2020-24313

Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "AppointmentID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially...

Ultimate Appointment Booking & Scheduling < 1.1.10 - Authenticated Cross-Site Scripting (XSS)

The Ultimate Appointment Booking & Scheduling WordPress plugin, versions 1.1.9 and older, were vulnerable to Authenticated Cross-Site Scripting XSS within multiple parameters...