Lucene search

JpcertCVELIST:CVE-2024-35297

HistoryMay 27, 2024 - 4:40 a.m.

CVE-2024-35297

2024-05-2704:40:54

jpcert

www.cve.org

cross-site scripting

wp booking

vulnerability

web browser

exploitation

8.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Cross-site scripting vulnerability exists in WP Booking versions prior to 2.4.5. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product.

CNA Affected

[
  {
    "vendor": "aviplugins.com",
    "product": "WP Booking",
    "versions": [
      {
        "version": "prior to 2.4.5",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN35838128/

plugins.trac.wordpress.org/changeset?new=3084990%40wp-easy-booking%2Ftrunk%2Fview%2Ffrontend%2Fbooking-locations.php&old=2404687%40wp-easy-booking%2Ftrunk%2Fview%2Ffrontend%2Fbooking-locations.php

wordpress.org/plugins/wp-easy-booking/