Vulnerabilities > Dwbooster

DATE CVE VULNERABILITY TITLE RISK
2022-06-08 CVE-2022-1692 SQL Injection vulnerability in Dwbooster CP Image Store With Slideshow
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack
network
low complexity
dwbooster CWE-89
critical
9.8
2022-03-07 CVE-2022-0448 Cross-site Scripting vulnerability in Dwbooster CP Blocks
The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
network
low complexity
dwbooster CWE-79
4.8
2021-10-11 CVE-2021-24712 Cross-site Scripting vulnerability in Dwbooster Appointment Hour Booking
The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.
network
low complexity
dwbooster CWE-79
5.4
2021-10-04 CVE-2021-24673 Cross-site Scripting vulnerability in Dwbooster Appointment Hour Booking
The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
network
low complexity
dwbooster CWE-79
4.8
2021-08-02 CVE-2021-24498 Cross-site Scripting vulnerability in Dwbooster Calendar Event Multi View
The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.
network
low complexity
dwbooster CWE-79
6.1
2019-08-22 CVE-2017-18579 Cross-site Scripting vulnerability in Dwbooster Corner AD
The corner-ad plugin before 1.0.8 for WordPress has XSS.
network
low complexity
dwbooster CWE-79
6.1
2019-07-11 CVE-2019-13505 Cross-site Scripting vulnerability in Dwbooster Appointment Hour Booking 1.1.44
The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1.
network
low complexity
dwbooster CWE-79
6.1