Page 2 of 7 results (0.008 seconds)

CVSS: 4.1EPSS: %CPEs: 1EXPL: 0

The WP Time Slots Booking Form plugin for WordPress is vulnerable to authorization bypass due to improper capability checks throughout the ~/cp-admin-int-add-booking.inc.php file in versions up to, and including, 1.1.83. This makes it possible for authenticated attackers with editor-level privileges to modify some of the plugin's settings. • CWE-285: Improper Authorization •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El plugin WP Time Slots Booking Form de WordPress versiones anteriores a 1.1.63, no sanea ni escapa de los nombres de los calendarios, permitiendo a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_html no está permitida • https://wpscan.com/vulnerability/788ead78-9aa2-49a3-b191-12114be8270b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •