CVE-2026-2231

Name of the Vulnerable Software and Affected Versions Fluent Booking versions up to and including 2.0.01

Description The Fluent Booking plugin for WordPress is susceptible to Stored Cross-Site Scripting through multiple parameters. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page.

Recommendations Update Fluent Booking to a version newer than 2.0.01.