Wp Time Slots Booking Form Security Vulnerabilities and Issues — Wp Time Slots Booking Form CVE List

CodepeopleWp Time Slots Booking Form

7 matches found

CVE•added 2022/03/07 8:16 a.m.•107 views

CVE-2022-0389

CVE-2022-0389 affects the WP Time Slots Booking Form WordPress plugin (versions before 1.1.63). The issue arises because the plugin does not sanitise/escape calendar names, enabling stored Cross-Site Scripting (XSS) by high-privilege users, even when unfiltered_html is disallowed. Public reports ...

4.8CVSS4.7AI score0.00588EPSS

CVE•added 2024/06/09 12:11 p.m.•62 views

CVE-2024-33543

CVE-2024-33543 is a Missing Authorization vulnerability in the CodePeople WP Time Slots Booking Form plugin, affecting WordPress WP Time Slots Booking Form versions up to 1.2.06 (vendor: CodePeople). The issue enables unauthorized access due to broken access control as described in the CVE entry....

7.5CVSS7.5AI score0.00417EPSS

CVE•added 2024/12/09 11:31 a.m.•57 views

CVE-2023-23895

The CVE-2023-23895 entry describes a Missing Authorization vulnerability in CodePeople WordPress Time Slots Booking Form (plugin) version 1.1.82 and earlier, caused by Broken Access Control / incorrectly configured access levels. Affected software: WP Time Slots Booking Form plugin for WordPress (

7.2CVSS5.1AI score0.00691EPSS

CVE•added 2024/06/10 7:43 a.m.•55 views

CVE-2024-35735

CVE-2024-35735 is a Missing Authorization vulnerability in the CodePeople WP Time Slots Booking Form plugin for WordPress, affecting versions up to 1.2.11 (listed as affected from n/a through 1.2.11). The Red Hat vulnerability entry mirrors these details. The connected documents do not provide a ...

9.8CVSS7.3AI score0.00402EPSS

CVE•added 2024/06/08 12:49 p.m.•48 views

CVE-2024-35734

CVE-2024-35734 is a stored XSS vulnerability in the WP Time Slots Booking Form WordPress plugin. The issue arises from improper input neutralization during web page generation and is exploitable via the plugin’s input (Stored XSS). Affected versions are WP Time Slots Booking Form 1.2.10 and earli...

7.1CVSS6.6AI score0.00308EPSS

CVE•added 2024/01/17 6:13 p.m.•43 views

CVE-2022-41790

WP Time Slots Booking Form (WordPress plugin) versions ≤ 1.1.76 contain a Missing Authorization vulnerability affecting the Feedback Submission flow. Root cause: missing authorization checks allow submitting feedback without proper privileges. CVSS v3.1 base score reported as 4.3 (Medium) in Patc...

8.8CVSS8AI score0.00466EPSS

CVE•added 2023/04/06 5:4 a.m.•42 views

CVE-2023-23971

Summary: CVE-2023-23971 affects the CodePeople WP Time Slots Booking Form WordPress plugin (versions ≤ 1.1.81). The root cause is an authenticated stored XSS due to insufficient sanitization/escaping in plugin settings, enabling an admin+ user to inject scripts that could be executed by other use...

5.9CVSS4.9AI score0.00392EPSS