Vulnerabilities > Vcita > Online Booking Scheduling Calendar FOR Wordpress > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-03	CVE-2023-2298	Cross-site Scripting vulnerability in Vcita Online Booking & Scheduling Calendar for Wordpress 4.2.10 The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. network low complexity vcita CWE-79	6.1
2023-06-03	CVE-2023-2299	Missing Authorization vulnerability in Vcita Online Booking & Scheduling Calendar for Wordpress 4.2.10 The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. network low complexity vcita CWE-862	5.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.