CVE-2015-7320

Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Date published : 2015-09-29

http://www.securityfocus.com/archive/1/536556/100/0/threaded

http://www.securityfocus.com/archive/1/536557/100/0/threaded