Lucene search

[email protected]NVD:CVE-2021-36855

HistorySep 30, 2022 - 5:15 p.m.

CVE-2021-36855

2022-09-3017:15:11

CWE-79

CWE-352

[email protected]

web.nvd.nist.gov

cve-2021-36855

cross-site scripting

cross-site request forgery

booking ultra pro

wordpress

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

20.9%

JSON

Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress.

Affected configurations

NVD

Node

bookingultraprobooking_ultra_pro_appointments_booking_calendarRange≤1.1.4wordpress

References

patchstack.com/database/vulnerability/booking-ultra-pro/wordpress-booking-ultra-pro-plugin-1-1-4-cross-site-scripting-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

wordpress.org/plugins/booking-ultra-pro/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

20.9%

JSON

Related for NVD:CVE-2021-36855

patchstack1 cve1 wpvulndb1 cvelist1 prion1