Vinay Kumar

Name of the Vulnerable Software and Affected Versions: The Booking for Appointments and Events Calendar – Amelia plugin for WordPress versions 1.1.5 and earlier The Booking for Appointments and Events Calendar – Amelia plugin for WordPress Pro version 7.5.1 and earlier Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. Recommendations: For versions up to and including 1.1.5, update to a version later than 1.1.5 to resolve the issue. For Pro version 7.5.1 and earlier, update to a version later than 7.5.1 to resolve the issue. As a temporary workaround, consider restricting access to admin settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bookly plugin for WordPress versions up to, and including, 21.5 **Description** The issue is related to Stored Cross-Site Scripting via service titles due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrative privileges to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. The issue specifically affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For Bookly plugin for WordPress versions up to, and including, 21.5, update to a version higher than 21.5 to resolve the issue. As a temporary workaround, consider restricting access to service title editing for users with administrative privileges to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bookly plugin for WordPress versions up to, and including, 21.5 **Description** The issue is related to Stored Cross-Site Scripting via the `full name` value due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 21.5, update to a version higher than 21.5 to resolve the issue. As a temporary workaround, consider restricting input for the `full name` value to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Amelia WordPress plugin versions up to and including 1.0.46 **Description** The issue arises from insufficient escaping and sanitization of the `lastName` parameter in the ~/src/Application/Controller/User/Customer/AddCustomerController.php file. This allows attackers to inject arbitrary web scripts onto a page, which executes whenever a user accesses the booking calendar with the date the attacker has injected the malicious payload into. **Recommendations** For versions up to and including 1.0.46, update to a version that includes proper escaping and sanitization of the `lastName` parameter to prevent Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the AddCustomerController.php file or disabling the `lastName` parameter until a patch is available.