Overview
- Description: The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
- Source: contact@wpscan.com
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 4.8
- Impact score: 2.7
- Exploitability score: 1.7
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
Weaknesses
- nvd@nist.gov: CWE-79
Social media
- Hype score: Not currently trending
CVE-2024-7876 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Typ… https://t.co/JBqrrlrOei
@CVEnew
5 Nov 2024
Excited to share that I’ve been assigned four new CVEs for my findings on Simply Schedule Appointment (SSA) and PageLayer plugins of WordPress: - CVE-2024-7129 - CVE-2024-7877 - CVE-2024-7876 - CVE-2024-8426 Also I am at rank 8th on the WordPress leaderboard. #bugbounty
@__jeewan_
3 Nov 2024
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nsqua:simply_schedule_appointments:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6019A59-B763-431F-BBB7-3990AE76719B",
            "versionEndExcluding": "1.6.7.55"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]