CVE-2023-2298 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.0 - Unauthenticated Stored Cross-Site Scripting

🗓️ 03 Jun 2023 04:35:15Reported by WordfenceType

Online Booking & Scheduling Calendar WordPress plugin vulnerability in 'business_id' paramete

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2023-2298	3 Jun 202305:15	–	attackerkb
CNNVD	WordPress plugin Online Booking & Scheduling Calendar for WordPress by vcita 跨站脚本漏洞	3 Jun 202300:00	–	cnnvd
CVE	CVE-2023-2298	3 Jun 202304:35	–	cve
EUVD	EUVD-2023-33804	3 Oct 202520:07	–	euvd
NVD	CVE-2023-2298	3 Jun 202305:15	–	nvd
OSV	CVE-2023-2298	3 Jun 202305:15	–	osv
Patchstack	WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin < 4.3.2 is vulnerable to Cross Site Scripting (XSS)	5 Jun 202300:00	–	patchstack
Prion	Cross site scripting	3 Jun 202305:15	–	prion
Positive Technologies	PT-2023-18809 · Vcita · Online Booking & Scheduling Calendar For Wordpress	3 Jun 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-2298	23 May 202503:09	–	redhatcve

[
  {
    "vendor": "vcita",
    "product": "Online Booking & Scheduling Calendar for WordPress by vcita",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "4.3.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
blog	www.blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/7e6a0bf9-4767-4d4c-9a1e-adcb3c7719d9
plugins	www.plugins.trac.wordpress.org/changeset
plugins	www.plugins.trac.wordpress.org/changeset/2930545/meeting-scheduler-by-vcita/trunk/vcita-api-functions.php

08 Apr 2026 17:03Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.17.2

EPSS0.03906

CWE-79