WP Booking System < 1.4 – Authenticated Stored Cross-Site Scripting (XSS) | CVE 2017-2168

Affects Plugins

wp-booking-system

Fixed in 1.4

References

CVE

CVE-2017-2168

URL

https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000092.html

URL

https://jvn.jp/en/jp/JVN96165722/index.html

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

a848d724-cb73-4b50-914f-f942774c51d0

Timeline

Publicly Published

2017-05-16 (about 8 years ago)

Added

2017-05-23 (about 8 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2022-04-01

Title

Page Restriction WordPress < 1.2.7 - Admin+ Stored Cross-Site Scripting

Published

2024-10-21

Title

Js paper <= 2.5.7 - Reflected Cross-Site Scripting

Published

2025-02-03

Title

Job Board Manager <= 2.1.60 - Reflected Cross-Site Scripting

Published

2025-09-10

Title

WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode

Published

2024-12-04

Title

Jetpack 13.0-14.0 - Unauthenticated DOM-XSS