Vulnerabilities (CVE)

Filtered by vendor Dwbooster Subscribe
Filtered by product Appointment Hour Booking
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1710 1 Dwbooster 1 Appointment Hour Booking 2022-06-17 3.5 LOW 4.8 MEDIUM
The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
CVE-2021-24712 1 Dwbooster 1 Appointment Hour Booking 2021-10-15 3.5 LOW 5.4 MEDIUM
The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.
CVE-2021-24673 1 Dwbooster 1 Appointment Hour Booking 2021-10-08 3.5 LOW 4.8 MEDIUM
The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2019-13505 1 Dwbooster 1 Appointment Hour Booking 2019-07-16 4.3 MEDIUM 6.1 MEDIUM
The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1.