PT-2025-52168 · WordPress · Reservation Plugin
Bonds
·
Published
2025-12-18
·
Updated
2025-12-18
·
CVE-2025-64221
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
designthemes Reservation Plugin versions through 1.6
Description
The designthemes Reservation Plugin dt-reservation-plugin contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting (XSS). This issue could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. The vulnerable component is susceptible to exploitation through crafted input.
Recommendations
Update the designthemes Reservation Plugin to a version later than 1.6.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Reservation Plugin