Lucene search

K
jvnJapan Vulnerability NotesJVN:35838128
HistoryMay 24, 2024 - 12:00 a.m.

JVN#35838128: WordPress Plugin "WP Booking" vulnerable to cross-site scripting

2024-05-2400:00:00
Japan Vulnerability Notes
jvn.jp
6
wordpress
cross-site scripting
vulnerability
update
wp booking
aviplugins

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

WordPress Plugin “WP Booking” provided by aviplugins.com contains a stored cross-site scripting vulnerability (CWE-79).

Impact

An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product.

Solution

Update the plugin
Update the plugin to the latest version according to the information provided by the developer.

Products Affected

  • WP Booking versions prior to 2.4.5

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%