Overview
- Description
- The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
- Source
- contact@wpscan.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.8
- Impact score
- 2.7
- Exploitability score
- 1.7
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
CVE-2024-7877 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification se… https://t.co/FPvP6mgs26
@CVEnew
5 Nov 2024
Excited to share that I’ve been assigned four new CVEs for my findings on Simply Schedule Appointment (SSA) and PageLayer plugins of WordPress: - CVE-2024-7129 - CVE-2024-7877 - CVE-2024-7876 - CVE-2024-8426 Also I am at rank 8th on the WordPress leaderboard. #bugbounty
@__jeewan_
3 Nov 2024
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nsqua:simply_schedule_appointments:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6019A59-B763-431F-BBB7-3990AE76719B",
            "versionEndExcluding": "1.6.7.55"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]