WordPress Plugin Vulnerabilities

Booqable Rental <= 2.4.16 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks

Affects Plugins

Plugin icon
booqable-rental-reservations
Fixed in 2.4.16

References

CVE
CVE-2023-30746

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
TEAM WEBoB of BoB 11th
Verified
No
WPVDB ID
68b211fe-6ef0-4559-98bc-e0d35b7c89a3

Timeline

Publicly Published
2023-04-14 (about 1 years ago)
Added
2023-05-10 (about 11 months ago)
Last Updated
2023-05-10 (about 11 months ago)

Other

Published
Title
Published
2022-11-25
Title
Content Repeater <= 1.1.13 - Admin+ Stored XSS
Published
2023-08-01
Title
Bus Ticket Booking with Seat Reservation < 5.2.4 - Reflected XSS
Published
2020-01-16
Title
Reality < 2.5.3 - Unauthenticated Reflected XSS
Published
2023-05-09
Title
VK Blocks < 1.54.0 - Multiple Stored XSS
Published
2021-07-26
Title
WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting