WordPress Plugin Vulnerabilities

Hotel Listing < 1.3.3 - Authenticated Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some of the Listing fields (such as address, city, zipcode and country), which could lead to Stored Cross-Site Scripting issues

Affects Plugins

Plugin icon
hotel-listing
Fixed in 1.3.3

References

URL
https://www.vulnerability-lab.com/get_content.php?id=2277

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Verified
No
WPVDB ID
10d81d36-548d-45c9-bb9f-5fc568f5f466

Timeline

Publicly Published
2021-10-28 (about 4 years ago)
Added
2021-11-03 (about 4 years ago)
Last Updated
2022-04-12 (about 4 years ago)

Other

Published
Title
Published
2023-11-07
Title
Actueel Financieel Nieuws – Denk Internet Solutions < 6.0.0 - Admin+ Stored XSS
Published
2025-03-11
Title
Finale Lite – Sales Countdown Timer & Discount for WooCommerce < 2.20.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timer
Published
2025-10-24
Title
The7 — Ultimate WordPress & WooCommerce Theme < 12.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'the7_fancy_title_css'
Published
2025-02-22
Title
Fast Flow < 1.2.18 - Reflected Cross-Site Scripting
Published
2025-03-06
Title
Wishlist < 1.0.44 - Authenticated (Contributor+) Stored Cross-Site Scripting