A Cross-Site Scripting (XSS) vulnerability has been discovered in the WordPress Booking Calendar plugin. It could allow a malicious actor to inject scripts into the website, which would then execute in the browsers of visitors to the affected site.

This vulnerability was discovered and reported by Pablo Sanchez.

The vulnerability is caused by a lack of input validation in the plugin’s code: user-supplied data reaches the rendered page unchecked, so an attacker can inject scripts that then execute in the browsers of visitors to the site.
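The advisory does not publish the affected code path, so the following is an added illustration of the vulnerability class in a WordPress plugin, not code from the Booking Calendar plugin. The shortcode name, the `note` request parameter and the 200-character limit are all hypothetical. It places the unsafe pattern (request data written straight into the page) beside the hardened one (sanitise on input, escape on output with the escaper matching the HTML context).

```php
<?php
/**
 * Added illustration of the XSS class described in the advisory.
 * NOT code from the Booking Calendar plugin: the shortcode name, the
 * 'note' request parameter and the length limit are hypothetical.
 */

// --- Vulnerable pattern: request data is written into the page unchanged. ---
function example_visitor_note_vulnerable( $atts ) {
    $note = isset( $_GET['note'] ) ? $_GET['note'] : '';
    // No validation on input and no escaping on output: any HTML markup
    // carried in the 'note' parameter becomes part of the page as-is.
    return '<p class="note">' . $note . '</p>';
}

// --- Hardened pattern: normalise on input, escape on output per context. ---
function example_visitor_note_hardened( $atts ) {
    // wp_unslash() undoes the slashes WordPress adds to request data;
    // sanitize_text_field() strips tags, invalid octets and line breaks.
    // Treat this as normalisation of the value, not as the XSS defence.
    $note = isset( $_GET['note'] )
        ? sanitize_text_field( wp_unslash( $_GET['note'] ) )
        : '';

    // Enforce the expected shape as well: a short free-text label.
    if ( mb_strlen( $note ) > 200 ) {
        $note = mb_substr( $note, 0, 200 );
    }

    // The real defence is escaping at the point of output, with the escaper
    // chosen for the context: esc_attr() inside an attribute value,
    // esc_html() inside a text node.
    return sprintf(
        '<p class="note" title="%s">%s</p>',
        esc_attr( $note ),
        esc_html( $note )
    );
}

// Only the hardened variant is registered; the vulnerable one is shown for contrast.
add_shortcode( 'visitor_note_hardened', 'example_visitor_note_hardened' );
```

The same rule applies whether the tainted value arrives directly from the request or is read back from the database later (a stored booking field shown in the admin area, for instance): escape every value at the place it is written into HTML, because input-side sanitisation can be bypassed by any other path that writes the same field.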

The vulnerability has been fixed in version 9.7.3.1 of the WordPress Booking Calendar plugin. Users who are running an older version of the plugin should update to the latest version as soon as possible.

Severity:

High

The vulnerability has a CVSS 3.1 score of 7.1, which is considered to be high severity. This means that the vulnerability is moderately likely to be exploited and could have a significant impact on the affected system.

Affected Versions:

All versions of the WordPress Booking Calendar plugin prior to 9.7.3.1 are affected by this vulnerability.

Impact:

An attacker who successfully exploits this vulnerability could inject malicious scripts into your website. This could allow the attacker to steal sensitive data, redirect visitors to malicious websites, or take control of the affected website.

Recommendation:

Update the WordPress Booking Calendar plugin to the latest available version (at least 9.7.3.1).

Due to the high severity of this vulnerability, immediate action is essential to secure the website:

  1. Update the Plugin: Update the Booking Calendar plugin to the latest available version, ensuring it is at least version 9.7.3.1. This release contains the fix for the XSS vulnerability.
  2. Regular Plugin Updates: In addition to this specific update, maintain the practice of routinely updating all WordPress plugins and themes to their latest versions. This is a fundamental security measure for websites.
  3. Enhance Security Measures: Consider implementing additional security layers, such as web application firewalls (WAFs) and security plugins. Regular security audits can help identify and address potential vulnerabilities.
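As an added example supporting the affected-version range and step 1 above (not part of the advisory or the plugin), this small must-use plugin, dropped into `wp-content/mu-plugins/`, warns administrators while a Booking Calendar version below 9.7.3.1 is still installed. The fixed version comes from the advisory; the plugin basename `booking/wpdev-booking.php` is an assumption and should be checked against the `wp-content/plugins/` directory of your install.

```php
<?php
/**
 * Added example: a must-use plugin that flags an affected Booking Calendar
 * install in the WordPress admin. Not part of the plugin or the advisory.
 * EXAMPLE_BOOKING_BASENAME is an assumed value; confirm it on your site.
 */

define( 'EXAMPLE_BOOKING_FIXED_VERSION', '9.7.3.1' );            // from the advisory
define( 'EXAMPLE_BOOKING_BASENAME', 'booking/wpdev-booking.php' ); // assumed basename

/**
 * True when an installed version is in the affected range. The advisory
 * states that everything strictly below 9.7.3.1 is affected, so a plain
 * version_compare() with '<' encodes that exactly.
 */
function example_booking_version_is_affected( $installed ) {
    return version_compare( $installed, EXAMPLE_BOOKING_FIXED_VERSION, '<' );
}

/**
 * Read the installed version from the plugin's file header.
 * Returns null when the plugin is not present at all. Inactive copies are
 * still reported, since the vulnerable files remain on disk until updated.
 */
function example_booking_installed_version() {
    if ( ! function_exists( 'get_plugins' ) ) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    $plugins = get_plugins();
    if ( ! isset( $plugins[ EXAMPLE_BOOKING_BASENAME ] ) ) {
        return null;
    }
    return $plugins[ EXAMPLE_BOOKING_BASENAME ]['Version'];
}

add_action( 'admin_notices', function () {
    // Only users who can act on the warning need to see it.
    if ( ! current_user_can( 'update_plugins' ) ) {
        return;
    }
    $installed = example_booking_installed_version();
    if ( null === $installed || ! example_booking_version_is_affected( $installed ) ) {
        return;
    }
    // The version string comes from a file header, so it is escaped like any other output.
    printf(
        '<div class="notice notice-error"><p>%s</p></div>',
        esc_html( sprintf(
            'Booking Calendar %s is installed; versions before %s contain a known XSS vulnerability. Update to %s or later.',
            $installed,
            EXAMPLE_BOOKING_FIXED_VERSION,
            EXAMPLE_BOOKING_FIXED_VERSION
        ) )
    );
} );
```

Because it lives in `mu-plugins/`, the check cannot be deactivated from the plugins screen and survives until the file is removed, which is the behaviour wanted for a time-boxed remediation reminder; delete it once the fleet is confirmed on 9.7.3.1 or later.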