5 matches found
CVE-2025-4669
creationtimestamp| type| source ---|---|--- 2025-05-17 13:08:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpemg4jmh42h...
CVE-2025-4669
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all versions up to, and including, 10.11.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-4669 Booking Calendar <= 10.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpbc Shortcode
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all versions up to, and including, 10.11.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-4669
CVE-2025-4669 affects WP Booking Calendar (WordPress) up to and including version 10.11.1, due to insufficient input sanitization and output escaping on the wpbc shortcode attributes. The issue enables stored XSS for authenticated users with contributor-level access and above, potentially executi...
WordPress Booking Calendar plugin <= 10.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpbc Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wpbc Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin Booking Calendar versions = 10.11.1...