Vulnerabilities > CVE-2021-24930 - Unspecified vulnerability in Booking-Wp-Plugin Bookly

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
booking-wp-plugin

Summary

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue

Vulnerable Configurations

Part Description Count
Application
Booking-Wp-Plugin
168