Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:24 a.m.17 views

CVE-2024-10027

The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...

4.8CVSS5.7AI score0.00342EPSS
Exploits1References1
Circl
Circl
added 2024/11/07 6:6 a.m.22 views

CVE-2024-10027

creationtimestamp| type| source ---|---|--- 2024-11-07 06:06:29+00:00| seen| https://infosec.exchange/users/cve/statuses/113440167627592160 2024-11-07 07:43:25+00:00| seen| https://t.me/cvedetector/10057...

4.8CVSS4.8AI score0.00342EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/11/07 6:0 a.m.45 views

CVE-2024-10027 WP Booking Calendar < 10.6.3 - Admin+ Stored XSS

The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...

0.00342EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/11/07 12:0 a.m.20 views

WordPress Booking Calendar Plugin < 10.6.3 is vulnerable to Cross Site Scripting (XSS)

Software Booking Calendar Type Plugin Vulnerable versions 10.6.3 Fixed in 10.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10027 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 999b4bfc809b Credits Dmitrii Ignatyev...

4.8CVSS5.8AI score0.00342EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder