CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41692 – WordPress Appointment Hour Booking plugin <= 1.3.71 - Missing Authorization vulnerability
https://notcve.org/view.php?id=CVE-2022-41692
Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. Vulnerabilidad de autorización faltante en el complemento Appointment Hour Booking en WordPress en versiones <= 1.3.71. The Appointment Hour Booking plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the cpapphb_feedback function in versions up to, and including, 1.3.71. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to provide plugin feedback. • https://patchstack.com/database/vulnerability/appointment-hour-booking/wordpress-appointment-hour-booking-plugin-1-3-71-missing-authorization-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1710 – Appointment Hour Booking < 1.3.56 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1710
The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. El plugin Appointment Hour Booking para WordPress versiones anteriores a 1.3.56, no sanea y escapa de una configuración de sus campos de Calendario, lo que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando el unfiltered_html no está permitido • https://wpscan.com/vulnerability/ed162ccc-88e6-41e8-b24d-1b9f77a038b6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24712 – Appointment Hour Booking – WordPress Booking Plugin < 1.3.17 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24712
The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars. El plugin Appointment Hour Booking de WordPress versiones anteriores a 1.3.17, no sanea correctamente los valores usados cuando se crean nuevos calendarios • https://wpscan.com/vulnerability/e677e51b-0d3f-44a5-9fcd-c159786b9926 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24673 – Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24673
The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El plugin Appointment Hour Booking de WordPress versiones anteriores a 1.3.16, no escapa a algunos de los ajustes del formulario del calendario, que permite a usuarios con privilegios elevados llevar a cabo ataques de tipo Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no está permitida • https://wpscan.com/vulnerability/75a67932-d831-4dfb-a70d-a07650eaa755 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13505 – Appointment Hour Booking – WordPress Booking Plugin <= 1.1.45 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-13505
The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. El plugin Appointment Hour Booking versión 1.1.44 para WordPress, permite una vulnerabilidad de tipo XSS por medio del campo E-mail, como es demostrado por email_1. • https://github.com/ivoschyk-cs/CVE-s/blob/master/Appointment%20Hour%20Booking%20%E2%80%93%20WordPress%20Booking%20Plugin%20--%20stored%20XSS https://wordpress.org/plugins/appointment-hour-booking/#developers https://wpvulndb.com/vulnerabilities/9458 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •