Vulnerabilities > Codepeople > Appointment Booking Calendar > 1.3.18

DATE CVE VULNERABILITY TITLE RISK
2022-11-18 CVE-2022-43482 Missing Authorization vulnerability in Codepeople Appointment Booking Calendar
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
network
low complexity
codepeople CWE-862
8.8
8.8
2020-03-04 CVE-2020-9372 Improper Neutralization of Formula Elements in a CSV File vulnerability in Codepeople Appointment Booking Calendar
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. 		6.8
6.8
2020-03-04 CVE-2020-9371 Cross-site Scripting vulnerability in Codepeople Appointment Booking Calendar
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress.
network
low complexity
codepeople CWE-79
4.8
4.8
2019-08-09 CVE-2019-14791 Cross-site Scripting vulnerability in Codepeople Appointment Booking Calendar 1.3.18
The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.
network
codepeople CWE-79
4.3
4.3