4 matches found
CVE-2024-10027
The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...
CVE-2024-10027
creationtimestamp| type| source ---|---|--- 2024-11-07 06:06:29+00:00| seen| https://infosec.exchange/users/cve/statuses/113440167627592160 2024-11-07 07:43:25+00:00| seen| https://t.me/cvedetector/10057...
CVE-2024-10027 WP Booking Calendar < 10.6.3 - Admin+ Stored XSS
The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...
WordPress Booking Calendar Plugin < 10.6.3 is vulnerable to Cross Site Scripting (XSS)
Software Booking Calendar Type Plugin Vulnerable versions 10.6.3 Fixed in 10.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10027 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 999b4bfc809b Credits Dmitrii Ignatyev...