Vulnerabilities > Dwbooster
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-08 | CVE-2022-1692 | SQL Injection vulnerability in Dwbooster CP Image Store With Slideshow The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack | 9.8 |
2022-03-07 | CVE-2022-0448 | Cross-site Scripting vulnerability in Dwbooster CP Blocks The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | 4.8 |
2021-10-11 | CVE-2021-24712 | Cross-site Scripting vulnerability in Dwbooster Appointment Hour Booking The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars. | 5.4 |
2021-10-04 | CVE-2021-24673 | Cross-site Scripting vulnerability in Dwbooster Appointment Hour Booking The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2021-08-02 | CVE-2021-24498 | Cross-site Scripting vulnerability in Dwbooster Calendar Event Multi View The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue. | 6.1 |
2019-08-22 | CVE-2017-18579 | Cross-site Scripting vulnerability in Dwbooster Corner AD The corner-ad plugin before 1.0.8 for WordPress has XSS. | 6.1 |
2019-07-11 | CVE-2019-13505 | Cross-site Scripting vulnerability in Dwbooster Appointment Hour Booking 1.1.44 The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. | 6.1 |