PT-2022-10580 · WordPress · Booking Ultra Pro
Ngo Van
+1
·
Published
2022-09-30
·
Updated
2022-10-04
·
CVE-2021-36855
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Booking Ultra Pro plugin versions <= 1.1.4
Description
The issue is related to a Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability can be exploited in the Booking Ultra Pro plugin at WordPress.
Recommendations
For Booking Ultra Pro plugin versions <= 1.1.4, update to a version higher than 1.1.4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the WordPress site to minimize the risk of exploitation.
Fix
XSS
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Booking Ultra Pro