10 matches found
CVE-2025-67472
Cross-Site Request Forgery CSRF vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through = 4.5.5...
CVE-2025-54677
Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Using Malicious Files. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.3...
CVE-2025-54677
CVE-2025-54677 concerns vcita’s Online Booking & Scheduling Calendar for WordPress (plugin: meeting-scheduler-by-vcita) up to version 4.5.3. The issue is an Unrestricted Upload of File with Dangerous Type , allowing attackers to upload malicious files. Public sources identify the affected plugin ...
CVE-2025-54677 WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.5.3 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Using Malicious Files.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through = 4.5.3...
CVE-2025-54676
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n...
CVE-2024-5859 Appointment Booking and Online Scheduling <= 4.4.2 - Reflected Cross-Site Scripting
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-39992
Unauth. Reflected Cross-Site Scripting XSS vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin = 4.3.2 versions...
PT-2023-27198 · Vcita · Vcita Online Booking & Scheduling Calendar
Name of the Vulnerable Software and Affected Versions: vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin versions = 4.3.2 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into...
CVE-2023-2299
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction...
CVE-2023-2302
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the...