CVE-2024-13431

Medium CVSS: 6.1

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accent_color and background parameter in all versions up to, and including, 1.6.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Vendor

Nsquared

Product

Appointment Booking Calendar

CWE

CWE-79

Yayın Tarihi

2025-03-07 09:15:15

Güncelleme

2025-03-13 17:49:40

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-79 Appointment Booking Calendar MEDIUM Nsquared 2025

Referanslar

https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/booking-app-new/iframe-inner.php#L182 https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/booking-app-new/iframe-inner.php#L189 https://plugins.trac.wordpress.org/changeset/3246760/simply-schedule-appointments/trunk/booking-app-new/iframe-inner.php https://www.wordfence.com/threat-intel/vulnerabilities/id/f6e3e5dd-b9f1-4d24-98cc-b6ab319434e4?source=cve

Benzer Kayıtlar

Critical

CVE-2025-46247

Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Acces…

High

CVE-2025-46241

Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar…

High

CVE-2024-12274

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functional…