CVE-2018-5672
CVE-2018-5672 affects the WordPress booking-calendar plugin, version 2.1.7. It exposes a stored XSS via the wp-admin/admin.php form_field5[label] parameter, as described across CNVD/NVD entries. Exploitation could allow an attacker to obtain a user cookie or perform a malicious action; the inform...