1.1.3

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-06	CVE-2024-47360	Cross-site Scripting vulnerability in Ba-Booking BA Book Everything Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Reflected XSS.This issue affects BA Book Everything: from n/a through 1.6.20. network low complexity ba-booking CWE-79	6.1
2024-04-18	CVE-2024-32576	Unspecified vulnerability in Ba-Booking BA Book Everything Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Stored XSS.This issue affects BA Book Everything: from n/a through 1.6.8. network low complexity ba-booking	5.4
2024-04-18	CVE-2024-32598	Unspecified vulnerability in Ba-Booking BA Book Everything Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Stored XSS.This issue affects BA Book Everything: from n/a through 1.6.8. network low complexity ba-booking	5.4
2024-04-16	CVE-2024-3672	Cross-site Scripting vulnerability in Ba-Booking BA Book Everything The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. network low complexity ba-booking CWE-79	5.4
2024-04-15	CVE-2024-32125	Unspecified vulnerability in Ba-Booking BA Book Everything Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Booking Algorithms BA Book Everything.This issue affects BA Book Everything: from n/a through 1.6.4. network low complexity ba-booking	8.8