Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tms-outsource vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-6808
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user sup...
Tms-outsource Amelia
5.4
CVSSv3
CVE-2023-50860
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS.This issue affects Booking for Appointments and Events Calendar – Amelia: from n...
Tms-outsource Amelia
7.2
CVSSv3
CVE-2023-4314
The wpDataTables WordPress plugin prior to 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the...
Tms-outsource Wpdatatables
6.1
CVSSv3
CVE-2023-29427
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions.
Tms-outsource Amelia
6.1
CVSSv3
CVE-2023-27918
Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions before 1.0.76 allows a remote unauthenticated malicious user to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed ...
Tms-outsource Amelia
5.4
CVSSv3
CVE-2023-23876
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions.
Tms-outsource Wpdatatables
4.8
CVSSv3
CVE-2022-29432
Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable...
Tms-outsource Wpdatatables
4.8
CVSSv3
CVE-2022-25618
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27
Tms-outsource Wpdatatables Lite
5.4
CVSSv3
CVE-2022-0825
The Amelia WordPress plugin prior to 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the pers...
Tms-outsource Amelia
5.4
CVSSv3
CVE-2022-0837
The Amelia WordPress plugin prior to 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment hist...
Tms-outsource Amelia
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »