CVE-2022-0389
07.03.2022, 09:15
The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Vendor | Product | Version |
---|---|---|
codepeople | wp_time_slots_booking_form | 𝑥 < 1.1.63 |
𝑥
= Vulnerable software versions