WordPress Plugin Vulnerabilities

Booking Calendar <= 6.2 - Reflected Cross-Site Scripting (XSS)

Description

The Booking Calendar WordPress plugin was affected by a Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
booking
Fixed in 6.2.1

References

URL
https://seclists.org/fulldisclosure/2016/Aug/0
URL
https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_booking_calendar_wordpress_plugin.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
b6da51c0-42bd-4847-b32c-b90b95828b27

Timeline

Publicly Published
2016-08-01 (about 9 years ago)
Added
2016-08-01 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2026-03-20
Title
Vagaro Booking Widget <= 0.3 - Unauthenticated Stored Cross-Site Scripting via 'vagaro_code'
Published
2015-08-18
Title
WP Ultimate Csv Importer < 3.8.1 - XSS
Published
2023-10-16
Title
EG-Attachments <= 2.1.3 - Reflected XSS
Published
2024-02-12
Title
Bold Page Builder < 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Raw Content
Published
2025-03-20
Title
Zalo Live Chat <= 1.1.0 - Reflected Cross-Site Scripting