WordPress Plugin Vulnerabilities

Booking Calendar Contact Form < 1.2.41 - Unauthenticated Reflected Cross-Site Scripting

Description

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions.

Affects Plugins

Plugin icon
booking-calendar-contact-form
Fixed in 1.2.41

References

CVE
CVE-2023-36384

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
BOT
Verified
No
WPVDB ID
9a44a04a-a232-4b67-a965-952be180419e

Timeline

Publicly Published
2023-07-18 (about 2 years ago)
Added
2023-07-18 (about 2 years ago)
Last Updated
2023-07-18 (about 2 years ago)

Other

Published
Title
Published
2024-01-31
Title
EventON < 4.4.1 - Reflected Cross-Site Scripting
Published
2025-02-20
Title
TCBD Tooltip <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-16
Title
Custom Page Extensions <= 0.6 - Reflected Cross-Site Scripting
Published
2024-03-19
Title
Website Article Monetization By MageNet < 1.0.12 - Unauthenticated Stored XSS
Published
2026-05-13
Title
The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce < 6.4.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Navigation Menu Lite Widget