Opal Hotel Room Booking <= 1.2.7 – Contributor+ Stored Cross-Site Scripting | CVE 2022-29449

Affects Plugins

opal-hotel-room-booking

No known fix

References

CVE

CVE-2022-29449

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Ngo Van Thien

Verified

No

WPVDB ID

60571845-8d1d-4479-ae96-8d96d043ae9c

Timeline

Publicly Published

2022-05-17 (about 3 years ago)

Added

2022-05-19 (about 3 years ago)

Last Updated

2023-02-13 (about 3 years ago)

Other

Published

Title

Published

2025-05-01

Title

KiwiChat NextClient <= 6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter

Published

2026-01-20

Title

iRobots.txt SEO <= 1.1.2 - Reflected Cross-Site Scripting

Published

2025-03-27

Title

tagDiv Composer < 5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2025-01-06

Title

Woo Ukrposhta < 1.18.0 - Reflected Cross-Site Scripting via order, post, and idd Parameters

Published

2025-04-09

Title

Request Call Back <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting