VYPR

Vendor CVEs

Codepeople

All CVEs

56 total · sorted by risk
  • CVE-2022-41692Nov 18, 2022
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.

  • CVE-2022-0389Mar 7, 2022
    risk 0.00cvss epss 0.01

    The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

  • CVE-2017-18579Aug 22, 2019
    risk 0.00cvss epss 0.01

    The corner-ad plugin before 1.0.8 for WordPress has XSS.

  • CVE-2015-7320Sep 29, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-7319Sep 29, 2015
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.

  • CVE-2013-5953Mar 19, 2014
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2)…

Page 2 of 2