CVE-2022-1710

CVE-2022-1710: Appointment Hour Booking < 1.3.56 - Admin+ Stored Cross-Site Scripting

Vendor Unknown
Product Appointment Hour Booking – WordPress Booking Plugin
Weakness CWE-79 · XSS
Published June 13, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

Key dates

02Disclosure timeline

June 13, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-30483 WordPress Sponsors plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability CVE-2025-32586 WordPress ABA PayWay Payment Gateway for WooCommerce Plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-53731 WordPress Fintelligence Calculator plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability CVE-2026-4355 Portabilis i-Educar Endpoint educar_servidor_curso_lst.php cross site scripting CVE-2025-30905 WordPress Secure Copy Content Protection and Content Locking plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability