Stored XSS Vulnerability in Appointment Hour Booking Plugin for WordPress
CVE-2019-13505
6.1MEDIUM
Summary
The Appointment Hour Booking plugin version 1.1.44 for WordPress contains a stored cross-site scripting (XSS) vulnerability that allows attackers to exploit the E-mail field. This weakness can lead to unauthorized script execution in the context of a legitimate user, potentially compromising website security and user data. Proper validation and sanitization measures are essential to mitigate the risk associated with this vulnerability.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved