Vcita: >> Online Booking & Scheduling Calendar >> 4.3.0 Security Vulnerabilities
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.0.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-06-21
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.3.2 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-09-04
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.4.6. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload arbitrary files, and inject malicious JavaScript (before 4.3.2).
CVSS Score
5.4
EPSS Score
0.001
Published
2023-06-09
Page 2