Brunomodificato

**Name of the Vulnerable Software and Affected Versions** Appointment Hour Booking WordPress plugin versions prior to 1.3.56 **Description** The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of settings in its Calendar fields, even when the unfiltered html is disallowed. **Recommendations** For versions prior to 1.3.56, update to version 1.3.56 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** VikBooking Hotel Booking Engine & PMS WordPress plugin versions prior to 1.5.9 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly escape the current URL before putting it back in a JavaScript context. **Recommendations** For versions prior to 1.5.9, update to version 1.5.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's JavaScript context until a patch is applied.