2 matches found
CVE-2016-10908
CVE-2016-10908 describes a cross-site scripting (XSS) vulnerability in the WordPress plugin booking-calendar-contact-form when using versions before 1.0.24. The issue is a vulnerability in the plugin's handling of input/output that could allow an attacker to inject client-side code. The affected ...
CVE-2016-10909
The CVE-2016-10909 entry concerns the WordPress Booking Calendar Contact Form plugin prior to 1.0.24, which is vulnerable to SQL Injection due to an input handling flaw in that plugin version. The issue is documented consistently across multiple sources (NVD, Red Hat, CVE registries, CNVD, PRION,...