Vulnerabilities > Dwbooster > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-11 | CVE-2023-6446 | Cross-site Scripting vulnerability in Dwbooster Calculated Fields Form The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. | 4.8 |
| 2022-12-15 | CVE-2022-3427 | Unspecified vulnerability in Dwbooster Corner AD The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. | 6.5 |
| 2022-11-29 | CVE-2022-4035 | Cross-site Scripting vulnerability in Dwbooster Appointment Hour Booking The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. | 6.1 |
| 2022-11-29 | CVE-2022-4036 | Inadequate Encryption Strength vulnerability in Dwbooster Appointment Hour Booking The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. | 5.3 |
| 2022-08-16 | CVE-2022-2846 | Missing Authorization vulnerability in Dwbooster Calendar Event Multi View The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. | 4.3 |
| 2021-08-02 | CVE-2021-24498 | Cross-site Scripting vulnerability in Dwbooster Calendar Event Multi View The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue. | 4.3 |
| 2019-08-22 | CVE-2017-18579 | Cross-site Scripting vulnerability in Dwbooster Corner AD The corner-ad plugin before 1.0.8 for WordPress has XSS. | 4.3 |
| 2019-07-11 | CVE-2019-13505 | Cross-site Scripting vulnerability in Dwbooster Appointment Hour Booking 1.1.44 The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. | 6.1 |