2 matches found
CVE-2019-5972
CVE-2019-5972 affects the WordPress plugin Online Lesson Booking (versions 0.8.6 and earlier). It is a stored cross-site scripting (CWE-79) vulnerability that could allow remote attackers to inject arbitrary script/HTML, potentially executing in the browser of users with administrative privileges...
CVE-2019-5973
CVE-2019-5973 is a CSRF vulnerability in the WordPress Plugin “Online Lesson Booking” that affects version 0.8.6 and earlier. The flaw allows remote attackers to hijack an administrator’s authenticated session via unspecified vectors, potentially enabling unintended actions while the administrato...