Ultimate Appointment Booking & Scheduling < 1.1.10 - Authenticated Cross-Site Scripting (XSS)

2020-08-1000:00:00

wpscan.com

0.001 Low

EPSS

Percentile

32.7%

JSON

The Ultimate Appointment Booking & Scheduling WordPress plugin, versions 1.1.9 and older, were vulnerable to Authenticated Cross-Site Scripting (XSS) within multiple parameters.

PoC

http://www.example.com/wp-admin/admin.php?page=EWD-UASP-options&Action;=EWD_UASP_AppointmentDetails&Selected;=Appointment&Appointment;_ID=1">

CPENameOperatorVersion
ultimate-appointment-schedulinglt1.1.10

CPE	Name	Operator	Version
	ultimate-appointment-scheduling	lt	1.1.10

References

plugins.trac.wordpress.org/changeset/2327552/ultimate-appointment-scheduling

zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/

0.001 Low

EPSS

Percentile

32.7%

JSON

Related for WPVDB-ID:14167153-38B7-4C5D-A03F-A1626EF5EF6D