Dwbooster: Security Vulnerabilities
The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-06-13
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack
CVSS Score
9.8
EPSS Score
0.032
Published
2022-06-08
The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
CVSS Score
4.8
EPSS Score
0.063
Published
2022-03-07
The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-10-11
The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-10-04
The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.
CVSS Score
6.1
EPSS Score
0.259
Published
2021-08-02
The corner-ad plugin before 1.0.8 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-22
The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-07-11
Page 2