CVE-2024-6930

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2024-6930

creationtimestamp| type| source ---|---|--- 2024-07-24 10:47:46+00:00| seen| https://t.me/cvedetector/1550...

CVE-2024-6930

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2024-6930 WP Booking Calendar <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2024-6930 WP Booking Calendar <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

WordPress Booking Calendar Plugin <= 10.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Booking Calendar Type Plugin Vulnerable versions = 10.2.1 Fixed in 10.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6930 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID be4e48bd573a Credits Arkadiusz Hydzik...