PT-2021-16372 · WordPress · Wordpress Online Booking/Scheduling Plugin
Mesut Cetin · Published 2021-12-06 · Updated 2022-11-14 · CVE-2021-24930
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
The WordPress Online Booking and Scheduling Plugin version 20.3.0 and earlier
Description:
This is a Stored Cross-Site Scripting (XSS) issue. The plugin does not properly escape the Staff Full Name field before outputting it on a page, so markup stored in that field can be rendered as part of the page for users who view it.
Recommendations:
For versions 20.3.0 and earlier, update to version 20.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Staff Full Name field to minimize the risk of exploitation.
Affected Products
Wordpress Online Booking/Scheduling Plugin