CVE-2019-13505: XSS
First published: Thu Jul 11 2019(Updated: )
The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dwbooster Appointment Hour Booking | =1.1.44 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the Appointment Hour Booking plugin?
The vulnerability ID for the Appointment Hour Booking plugin is CVE-2019-13505.
What is the severity of CVE-2019-13505?
The severity of CVE-2019-13505 is medium, with a severity value of 6.1.
How does the Appointment Hour Booking plugin vulnerability allow XSS?
The Appointment Hour Booking plugin vulnerability allows XSS through the E-mail field.
How can I fix the Appointment Hour Booking plugin vulnerability?
To fix the Appointment Hour Booking plugin vulnerability, update to version 1.1.45 or higher.
Where can I get more information about the Appointment Hour Booking plugin vulnerability?
You can find more information about the Appointment Hour Booking plugin vulnerability on GitHub, WordPress.org, and WPScan.
- collector/nvd-index
- vendor/dwbooster
- canonical/dwbooster appointment hour booking
- version/dwbooster appointment hour booking/1.1.44