CVE-2014-4579

Name of the Vulnerable Software and Affected Versions Appointments Scheduler plugin versions 1.5 and earlier for WordPress

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the lang parameter in the js/test.php file.

Recommendations For Appointments Scheduler plugin versions 1.5 and earlier, update to a version later than 1.5 to resolve the issue. As a temporary workaround, consider restricting access to the js/test.php file or avoiding the use of the lang parameter until a patch is available.