Cheat sheets

CVE-2020-9371: WordPress plugin vulnerability

Share this with people that should know this:

Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.

References

  • packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html
  • drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9
  • wordpress.org/plugins/appointment-booking-calendar/#developers
  • wpvulndb.com/vulnerabilities/10110
  • www.hotdreamweaver.com/support/view.php?id=815925
  • Share this with people that should know this: