WordPress Roomcloud Plugin <= 1.2 - Multiple XSS

Because of these vulnerabilities in roomcloud.php, the attackers can inject arbitrary web script or HTML via 10 parameters: “pin”, “lang”, “start_year”, “start_month”, “start_day”, “end_day”, “end_month”, “end_year”, “adults”, “children”.

Solution

           Update the plugin.