Vulnerabilities > BA Booking > BA Book Everything > 1.1.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-06 | CVE-2024-47360 | Cross-site Scripting vulnerability in Ba-Booking BA Book Everything Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Reflected XSS.This issue affects BA Book Everything: from n/a through 1.6.20. | 6.1 |
2024-04-18 | CVE-2024-32576 | Unspecified vulnerability in Ba-Booking BA Book Everything Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Stored XSS.This issue affects BA Book Everything: from n/a through 1.6.8. | 5.4 |
2024-04-18 | CVE-2024-32598 | Unspecified vulnerability in Ba-Booking BA Book Everything Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Stored XSS.This issue affects BA Book Everything: from n/a through 1.6.8. | 5.4 |
2024-04-16 | CVE-2024-3672 | Cross-site Scripting vulnerability in Ba-Booking BA Book Everything The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. | 5.4 |
2024-04-15 | CVE-2024-32125 | Unspecified vulnerability in Ba-Booking BA Book Everything Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Booking Algorithms BA Book Everything.This issue affects BA Book Everything: from n/a through 1.6.4. | 8.8 |