Name of the Vulnerable Software and Affected Versions:

Booking Calendar plugin for WordPress versions prior to 10.14.1

Description:

The Booking Calendar plugin for WordPress is susceptible to Stored Cross-Site Scripting through its settings. Insufficient input sanitization and output escaping allow authenticated attackers with Administrator-level access or higher to inject arbitrary web scripts into pages. These scripts execute when a user accesses the injected page.

Recommendations:

Update the Booking Calendar plugin to a version later than 10.14.1.