Vulnerabilities > Byconsole > Pickup Delivery Dine IN Date Time > 1.0.4

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-08	CVE-2023-0894	Unspecified vulnerability in Byconsole Pickup \| Delivery \| Dine-In Date Time The Pickup \| Delivery \| Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) network low complexity byconsole	4.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.