A Cross-Site Scripting (XSS) vulnerability has been identified in the WordPress Bus Ticket Booking with Seat Reservation plugin. This vulnerability could allow an attacker to inject malicious scripts into the affected website, potentially compromising the security of the website and its visitors.
The Cross-Site Scripting (XSS) vulnerability was identified and responsibly reported by the Wordfence security team. The flaw lets attackers inject malicious scripts, such as redirects, advertisements, and other HTML payloads, into your website. These injected scripts run when visitors access the site, with the consequences listed under Impact below.
Severity:
With a CVSS 3.1 score of 7.1, the Cross-Site Scripting (XSS) vulnerability in the Bus Ticket Booking with Seat Reservation plugin is classified as high severity.
Affected Versions:
The vulnerability affects all versions of the Bus Ticket Booking with Seat Reservation plugin up to and including version 5.2.3.
Impact:
An attacker who successfully exploits this vulnerability could inject malicious scripts into the affected website. These scripts could then be executed by visitors to the website, potentially leading to a variety of security risks, such as:
- Stealing cookies or session tokens
- Hijacking user accounts
- Conducting phishing attacks
- Displaying malicious content
Recommendation:
Users of the Bus Ticket Booking with Seat Reservation plugin are advised to update to version 5.2.4 or higher as soon as possible. This will fix the vulnerability and protect users from attacks.
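To confirm which installs still need the update, the following added example (not code from the plugin or from Wordfence) reads the header of each plugin file under a `wp-content/plugins` directory and flags any copy of this plugin below 5.2.4. It assumes the plugin's `Plugin Name:` header contains the name as written in this advisory; the directory path is supplied by you.

```python
import re
import sys
from pathlib import Path

# Assumption: the main plugin file's "Plugin Name:" header contains the
# name as the advisory writes it; adjust if your install differs.
PLUGIN_NAME = "Bus Ticket Booking with Seat Reservation"
FIXED = (5, 2, 4)  # first fixed release per the advisory

# Same header style WordPress reads: "Key: value" after comment characters.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def parse_header(text):
    """Extract the Plugin Name and Version fields from a plugin file header."""
    fields = {}
    for key, value in HEADER_RE.findall(text[:8192]):  # WordPress scans the first 8 KiB
        fields.setdefault(key.lower(), value)
    return fields

def version_tuple(version):
    """'5.2.3' -> (5, 2, 3); None if the string has no leading numeric part."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group().split("."))
    return parts + (0,) * (3 - len(parts))

def classify(version):
    """Anything below 5.2.4 is treated as affected; unparseable needs a manual look."""
    v = version_tuple(version)
    if v is None:
        return "unknown"
    return "vulnerable" if v < FIXED else "patched"

def audit(plugins_dir):
    """Return (directory, version, status) for each copy of the plugin found."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        fields = parse_header(php.read_text(errors="replace"))
        if PLUGIN_NAME.lower() in fields.get("plugin name", "").lower():
            version = fields.get("version", "")
            findings.append((php.parent.name, version, classify(version)))
    return findings

if __name__ == "__main__":
    results = audit(sys.argv[1])
    for folder, version, status in results:
        print(f"{folder}: {version or '?'} -> {status}")
    sys.exit(1 if any(s != "patched" for _, _, s in results) else 0)
```

Run it with the path to a site's `wp-content/plugins` directory as the only argument; a non-zero exit status means at least one copy is below 5.2.4 or has a version that could not be parsed.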