Vendor CVEs
Codepeople
All CVEs
56 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-41692 | 0.00 | — | 0.00 | Nov 18, 2022 | Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. | |||
| CVE-2022-0389 | 0.00 | — | 0.01 | Mar 7, 2022 | The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||
| CVE-2017-18579 | 0.00 | — | 0.01 | Aug 22, 2019 | The corner-ad plugin before 1.0.8 for WordPress has XSS. | |||
| CVE-2015-7320 | 0.00 | — | 0.02 | Sep 29, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-7319 | 0.00 | — | 0.02 | Sep 29, 2015 | SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username. | |||
| CVE-2013-5953 | 0.00 | — | 0.02 | Mar 19, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2)… |
- CVE-2022-41692Nov 18, 2022risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.
- CVE-2022-0389Mar 7, 2022risk 0.00cvss —epss 0.01
The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
- CVE-2017-18579Aug 22, 2019risk 0.00cvss —epss 0.01
The corner-ad plugin before 1.0.8 for WordPress has XSS.
- CVE-2015-7320Sep 29, 2015risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2015-7319Sep 29, 2015risk 0.00cvss —epss 0.02
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.
- CVE-2013-5953Mar 19, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2)…
Page 2 of 2