← back
CVE-2026-40791

WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability

CVSS 7.1 HIGHEPSS 0.2%CWE-79
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Affected products
codepeople · WP Time Slots Booking Form
public PoCs found1
githubgithub.com/Rat5ak/CVE-2026-40791-WP-Time-Slots-Booking-Form-XSS0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://patchstack.com/database/wordpress/plugin/wp-time-slots-booking-form/vulnerability/wordpress-wp-time-slots-booking-form-plugin-1-2-46-cross-site-scripting-xss-vulnerability?_s_id=cve