Search criteria
4 vulnerabilities found for Simply Schedule Appointments – WordPress Booking Plugin by Unknown
CVE-2022-2374 (GCVE-0-2022-2374)
Vulnerability from cvelistv5 – Published: 2022-08-29 17:15 – Updated: 2024-08-03 00:32
VLAI?
Title
Simply Schedule Appointments < 1.5.7.7 - Admin+ Stored Cross-Site Scripting
Summary
The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Simply Schedule Appointments – WordPress Booking Plugin |
Affected:
1.5.7.7 , < 1.5.7.7
(custom)
|
Credits
Raad Haddad
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/12062d78-7a0d-4dc1-9bd6-6c54aa6bc761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simply Schedule Appointments \u2013 WordPress Booking Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.7.7",
"status": "affected",
"version": "1.5.7.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T17:15:36",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/12062d78-7a0d-4dc1-9bd6-6c54aa6bc761"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Simply Schedule Appointments \u003c 1.5.7.7 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2374",
"STATE": "PUBLIC",
"TITLE": "Simply Schedule Appointments \u003c 1.5.7.7 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simply Schedule Appointments \u2013 WordPress Booking Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.7.7",
"version_value": "1.5.7.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/12062d78-7a0d-4dc1-9bd6-6c54aa6bc761",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/12062d78-7a0d-4dc1-9bd6-6c54aa6bc761"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2374",
"datePublished": "2022-08-29T17:15:36",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2373 (GCVE-0-2022-2373)
Vulnerability from cvelistv5 – Published: 2022-08-29 17:15 – Updated: 2024-08-03 00:32
VLAI?
Title
Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure
Summary
The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Simply Schedule Appointments – WordPress Booking Plugin |
Affected:
1.5.7.7 , < 1.5.7.7
(custom)
|
Credits
Raad Haddad
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simply Schedule Appointments \u2013 WordPress Booking Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.7.7",
"status": "affected",
"version": "1.5.7.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T17:15:35",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Simply Schedule Appointments \u003c 1.5.7.7 - Unauthenticated Email Address Disclosure",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2373",
"STATE": "PUBLIC",
"TITLE": "Simply Schedule Appointments \u003c 1.5.7.7 - Unauthenticated Email Address Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simply Schedule Appointments \u2013 WordPress Booking Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.7.7",
"version_value": "1.5.7.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2373",
"datePublished": "2022-08-29T17:15:35",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2374 (GCVE-0-2022-2374)
Vulnerability from nvd – Published: 2022-08-29 17:15 – Updated: 2024-08-03 00:32
VLAI?
Title
Simply Schedule Appointments < 1.5.7.7 - Admin+ Stored Cross-Site Scripting
Summary
The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Simply Schedule Appointments – WordPress Booking Plugin |
Affected:
1.5.7.7 , < 1.5.7.7
(custom)
|
Credits
Raad Haddad
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/12062d78-7a0d-4dc1-9bd6-6c54aa6bc761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simply Schedule Appointments \u2013 WordPress Booking Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.7.7",
"status": "affected",
"version": "1.5.7.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T17:15:36",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/12062d78-7a0d-4dc1-9bd6-6c54aa6bc761"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Simply Schedule Appointments \u003c 1.5.7.7 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2374",
"STATE": "PUBLIC",
"TITLE": "Simply Schedule Appointments \u003c 1.5.7.7 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simply Schedule Appointments \u2013 WordPress Booking Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.7.7",
"version_value": "1.5.7.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/12062d78-7a0d-4dc1-9bd6-6c54aa6bc761",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/12062d78-7a0d-4dc1-9bd6-6c54aa6bc761"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2374",
"datePublished": "2022-08-29T17:15:36",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2373 (GCVE-0-2022-2373)
Vulnerability from nvd – Published: 2022-08-29 17:15 – Updated: 2024-08-03 00:32
VLAI?
Title
Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure
Summary
The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Simply Schedule Appointments – WordPress Booking Plugin |
Affected:
1.5.7.7 , < 1.5.7.7
(custom)
|
Credits
Raad Haddad
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simply Schedule Appointments \u2013 WordPress Booking Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.7.7",
"status": "affected",
"version": "1.5.7.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T17:15:35",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Simply Schedule Appointments \u003c 1.5.7.7 - Unauthenticated Email Address Disclosure",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2373",
"STATE": "PUBLIC",
"TITLE": "Simply Schedule Appointments \u003c 1.5.7.7 - Unauthenticated Email Address Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simply Schedule Appointments \u2013 WordPress Booking Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.7.7",
"version_value": "1.5.7.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2373",
"datePublished": "2022-08-29T17:15:35",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}