Latest Dwbooster Vulnerabilities

CVE-2023-6446
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and ...
Dwbooster Calculated Fields Form<=1.2.40
CVE-2023-41732
Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions.
Dwbooster Cp Blocks<1.0.21
CVE-2022-3427
The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corner_ad_settings_...
Dwbooster Corner Ad<=1.0.56
CVE-2022-4034
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input...
Dwbooster Appointment Hour Booking<=1.3.72
CVE-2022-4035
The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanit...
Dwbooster Appointment Hour Booking<=1.3.72
CVE-2022-4036
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAP...
Dwbooster Appointment Hour Booking<=1.3.72
CVE-2022-41692
Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.
Dwbooster Appointment Hour Booking<1.3.72
CVE-2022-2169
The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfi...
Dwbooster Loading Page With Loading Screen<1.0.83
CVE-2022-1710
The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attac...
Dwbooster Appointment Hour Booking<1.3.56
CVE-2022-1692
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-st...
Dwbooster Cp Image Store With Slideshow<1.0.68
CVE-2022-0448
The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilt...
Dwbooster Cp Blocks<1.0.15
CVE-2021-24712
The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.
Dwbooster Appointment Hour Booking<1.3.17
CVE-2021-24673
The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when t...
Dwbooster Appointment Hour Booking<1.3.16
CVE-2021-24498
The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflec...
Dwbooster Calendar Event Multi View<1.4.01
CVE-2017-18579
The corner-ad plugin before 1.0.8 for WordPress has XSS.
Dwbooster Corner Ad<1.0.8
CVE-2019-13505
The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1.
Dwbooster Appointment Hour Booking=1.1.44

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203