ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Booking Calendar Contact Form Plugin 1.1.24 - Multiple Vulnerabilities

Product
Booking Calendar Contact Form
Description
This plugin is prone to persistent XSS vulnerabilities that appear in the administration page.
Solution
Upgrade the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.1.24
Fixed In 1.1.25
Disclosure date
2016-01-27
Credits
i0akiN SEC-LABORATORY