PT-2020-15678 · Etoile Web Design · Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin

Published: 2020-08-26 · Updated: 2024-02-14 · CVE-2020-24313

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin versions 1.1.9 and lower

Description

The plugin contains a reflected cross-site scripting (XSS) vulnerability. The value of the Appointment ID GET parameter is not properly sanitized before being echoed back inside an input tag, so an attacker can trigger the vulnerability with a specially crafted URL.

Recommendations

For Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin versions 1.1.9 and lower, update to a version in which the issue is fixed: the affected versions do not properly sanitize the Appointment ID parameter, leading to reflected XSS. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
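As an added illustration of the vulnerability class described above (this is not the plugin's code and not part of the advisory), the weak pattern of echoing a request parameter into an HTML attribute is shown beside its hardened WordPress form. The parameter name `appointment_id`, the form markup, the function names and the sample request value are all assumptions; the advisory only states that an "Appointment ID" GET parameter is echoed inside an input tag.

```php
<?php
// Added illustration, not the plugin's code. Parameter name, markup and
// function names are assumptions.

// Stand-ins so the file also runs outside WordPress (`php example.php`).
// Inside WordPress the real absint(), wp_unslash() and esc_attr() are used.
if ( ! function_exists( 'absint' ) ) {
    function absint( $maybeint ) { return abs( (int) $maybeint ); }
}
if ( ! function_exists( 'wp_unslash' ) ) {
    function wp_unslash( $value ) { return stripslashes( $value ); }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) { return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' ); }
}

// Vulnerable pattern: the request value is concatenated straight into an
// attribute. A value containing a double quote closes the value="..."
// attribute early, so whatever follows is parsed as new attributes or markup.
function render_appointment_field_unsafe( array $get ) {
    $id = isset( $get['appointment_id'] ) ? $get['appointment_id'] : '';
    return '<input type="hidden" name="appointment_id" value="' . $id . '">';
}

// Hardened pattern: validate early, escape late.
//   - absint() reduces the input to a non-negative integer, which is all an
//     appointment ID can be;
//   - esc_attr() escapes for the HTML-attribute context at the point of output,
//     so even a free-text field rendered this way could not break out of the
//     attribute.
function render_appointment_field_safe( array $get ) {
    $id = isset( $get['appointment_id'] ) ? absint( wp_unslash( $get['appointment_id'] ) ) : 0;
    return '<input type="hidden" name="appointment_id" value="' . esc_attr( $id ) . '">';
}

// Constructed request value: a numeric ID followed by characters that would
// close the attribute in the unsafe version.
$constructed_get = array( 'appointment_id' => '42"<>' );

echo "unsafe: " . render_appointment_field_unsafe( $constructed_get ) . PHP_EOL;
echo "safe:   " . render_appointment_field_safe( $constructed_get ) . PHP_EOL;
```

Running the file shows the unsafe output carrying the raw `"<>` characters into the markup, while the hardened output contains only `value="42"`. When reviewing a plugin for this class of bug, look for `$_GET`, `$_POST` or `$_REQUEST` values that reach `echo` or string concatenation in a template without passing through a context-appropriate escaper: `esc_attr()` for attributes, `esc_html()` for text nodes and `esc_url()` for URLs, since each output context needs its own escaping function.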

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-24313

Affected Products

Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin