WordPress Plugin Vulnerabilities

Booking Package < 1.5.11 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting

Affects Plugins

Plugin icon
booking-package
Fixed in 1.5.11

References

CVE
CVE-2021-20840
URL
https://jvn.jp/en/jp/JVN68066589/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Gen Sato of Mitsui Bussan Secure Directions, Inc
Verified
Yes
WPVDB ID
e7857e2e-622b-42f2-b197-400523afdeee

Timeline

Publicly Published
2021-11-10 (about 4 years ago)
Added
2021-11-10 (about 4 years ago)
Last Updated
2022-04-12 (about 3 years ago)

Other

Published
Title
Published
2021-10-25
Title
Video Lessons Manager - Admin+ Stored Cross-Site Scripting
Published
2014-08-01
Title
Quick Paypal Payments 3.0 - Payment Sending Multiple Parameter XSS
Published
2024-04-02
Title
Jeg Elementor Kit < 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial
Published
2025-10-19
Title
ListingPro <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-10-31
Title
Linker < 1.2.2 - Contributor+ Stored XSS