WordPress Plugin “WP Booking” provided by aviplugins.com contains a stored cross-site scripting vulnerability (CWE-79).
An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product.
Update the plugin
Update the plugin to the latest version according to the information provided by the developer.