CVE-2022-1710

State: PUBLISHED · Published: 2022-06-13 · Updated: 2024-08-03 · Assigner: WPScan

Description

The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

CWE

CWE-79 — CWE-79 Cross-site Scripting (XSS)

Affected

Unknown / Appointment Hour Booking – WordPress Booking Plugin — v=1.3.56 <1.3.56 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/ed162ccc-88e6-41e8-b24d-1b9f77a038b6 x_refsource_MISC

Source

cvelistV5-main/cves/2022/1xxx/CVE-2022-1710.json