What the vulnerability does
01Description
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
Explanation of Vulnerability in Simple Terms
WP Time Slots Booking Form versions up to 1.2.46 contain a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into the site. An attacker can craft a malicious link that, when clicked by a site visitor, executes JavaScript in their browser. This can lead to session hijacking, credential theft, or defacement. The vulnerability affects all users who visit a compromised page.
What an attacker can do
Inject and execute malicious JavaScript in visitors' browsers to steal sessions, credentials, or deface content.
Potential impact on your site
Visitors' sessions and data can be compromised; site reputation and user trust may be damaged.
Conditions required to exploit
Attacker must trick a site visitor into clicking a malicious link or visiting a compromised page.
Key dates
External resources
Related vulnerabilities