CVE-2021-24673

State: PUBLISHED · Published: 2021-10-04 · Updated: 2024-08-03 · Assigner: WPScan

Description

The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CWE

CWE-79 — CWE-79 Cross-site Scripting (XSS)

Affected

Unknown / Appointment Hour Booking – WordPress Booking Plugin — v=1.3.16 <1.3.16 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/75a67932-d831-4dfb-a70d-a07650eaa755 x_refsource_MISC

Source

cvelistV5-main/cves/2021/24xxx/CVE-2021-24673.json