CVE-2022-1710 Information

Description

The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

Reference

https://wpscan.com/vulnerability/ed162ccc-88e6-41e8-b24d-1b9f77a038b6