CVE-2016-20084

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.2 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N                                    

Vulnerability Description

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScript into the 'ict' and 'ics' options or the calendar 'name' parameter via GET requests to execute arbitrary scripts when the calendar is displayed or accessed in the administration interface.

Vulnerability Details

Published Date

June 15, 2026

Last Modified

June 15, 2026

CWE ID

CWE-79

Source

NVD

Vendor

dwbooster

Product

Booking Calendar Contact

External References

http://wordpress.dwbooster.com/calendars/booking-calendar-contact-form
https://www.exploit-db.com/exploits/39341
https://www.vulncheck.com/advisories/wordpress-appointment-booking-calendar-privilege-escalation-xss

CVE-2016-20084

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment