WordPress is a set of blogging platform developed using PHP language. A cross-site scripting vulnerability exists in the WordPress plugin Booking Calendar. The vulnerability stems from the program not cleaning and escaping the Booking_type parameter before exporting it back to the administration page. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress booking calendar | lt | 8.9.2 |