Stored XSS Vulnerability in Appointment Hour Booking Plugin for WordPress
CVE-2019-13505

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Appointment Hour Booking
Vendor
CVE Published:
11 July 2019

What is CVE-2019-13505?

The Appointment Hour Booking plugin version 1.1.44 for WordPress contains a stored cross-site scripting (XSS) vulnerability that allows attackers to exploit the E-mail field. This weakness can lead to unauthorized script execution in the context of a legitimate user, potentially compromising website security and user data. Proper validation and sanitization measures are essential to mitigate the risk associated with this vulnerability.

References

https://github.com/ivoschyk-cs/CVE-s/blob/master/Appointm...
x_refsource_MISC
https://wordpress.org/plugins/appointment-hour-booking/#d...
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/9458
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.