CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0389 – WP Time Slots Booking Form < 1.1.63 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0389
02 Feb 2022 — The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El plugin WP Time Slots Booking Form de WordPress versiones anteriores a 1.1.63, no sanea ni escapa de los nombres de los calendarios, permitiendo a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_html no e... • https://wpscan.com/vulnerability/788ead78-9aa2-49a3-b191-12114be8270b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42361 – Contact Form Email <= 1.3.24 Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-42361
11 Nov 2021 — The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.3.24. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. El plugin de WordPress Contact Form ... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2628041%40contact-form-to-email&new=2628041%40contact-form-to-email&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 4CVE-2020-9371 – Appointment Booking Calendar <= 1.3.34 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-9371
04 Mar 2020 — Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML. Una vulnerabilidad de tipo XSS almacenado, se presenta en el plugin Appointment Booking Calendar versiones anteriores a 1.3.35 para WordPress. En el archivo cpabc_appointments.php, la entrada Calendar Name podría permitir a atacantes inyectar JavaScript o HTML arbitrario. WordPress Appointment Booki... • https://packetstorm.news/files/id/156694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 4CVE-2020-9372 – Appointment Booking Calendar <= 1.3.34 - CSV Injection
https://notcve.org/view.php?id=CVE-2020-9372
04 Mar 2020 — The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection. El plugin Appointment Booking Calendar versiones anteriores a 1.3.35 para WordPress, permite que la entrada de usuario sea cualquier fórmula (en campos tales como Descripti... • https://packetstorm.news/files/id/156694 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7228 – Calculated Fields Form <= 1.0.353 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-7228
22 Jan 2020 — The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user. El plugin Calculated Fields Form versiones hasta 1.0.353 para WordPress, sufre de múltiples vulnerabilidades de tipo XSS Almacenado, presentes en los formularios de entrada. Estos pueden ser explotados por parte de un usuario autenticado. • https://spider-security.co.uk/blog-cve-2020-7228 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20963 – Contact Form Email <= 1.2.65 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20963
12 Aug 2019 — The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. El complemento contact-form-to-email anterior de 1.2.66 para WordPress tiene XSS. • https://wordpress.org/plugins/contact-form-to-email/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20964 – Contact Form Email <= 1.2.65 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-20964
12 Aug 2019 — The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. El complemento contact-form-to-email anterior de 1.2.66 para WordPress tiene CSRF. • https://wordpress.org/plugins/contact-form-to-email/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14791 – Appointment Booking Calendar < 1.3.19 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-14791
04 Jul 2019 — The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. El plugin Appointment Booking Calendar versión 1.3.18 para , permite un ataque de tipo XSS por medio del parámetro editionarea del archivo wp-admin/admin-post.php. • https://wordpress.org/plugins/appointment-booking-calendar/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14784 – CP Contact Form with PayPal <= 1.3.01 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-14784
23 Jun 2019 — The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. El plugin "CP Contact Form with PayPal" versiones anteriores a 1.2.98 para WordPress, presenta una vulnerabilidad de tipo XSS en la edición de CSS. The "CP Contact Form with PayPal" plugin before 1.3.02 for WordPress has XSS in CSS edition. • https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14785 – CP Contact Form with PayPal <= 1.3.01 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-14785
23 Jun 2019 — The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. El plugin "CP Contact Form with PayPal" anterior a versión 1.2.99 para WordPress, presenta una vulnerabilidad de tipo XSS en el asistente de publicación por medio del parámetro cp_contactformpp_id de wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1. • https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •