Vulnerabilities > BA Booking > BA Book Everything > 1.1.3

DATE CVE VULNERABILITY TITLE RISK
2024-10-06 CVE-2024-47360 Cross-site Scripting vulnerability in Ba-Booking BA Book Everything
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Reflected XSS.This issue affects BA Book Everything: from n/a through 1.6.20.
network
low complexity
ba-booking CWE-79
6.1
2024-04-18 CVE-2024-32576 Unspecified vulnerability in Ba-Booking BA Book Everything
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Stored XSS.This issue affects BA Book Everything: from n/a through 1.6.8.
network
low complexity
ba-booking
5.4
2024-04-18 CVE-2024-32598 Unspecified vulnerability in Ba-Booking BA Book Everything
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Stored XSS.This issue affects BA Book Everything: from n/a through 1.6.8.
network
low complexity
ba-booking
5.4
2024-04-16 CVE-2024-3672 Cross-site Scripting vulnerability in Ba-Booking BA Book Everything
The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'.
network
low complexity
ba-booking CWE-79
5.4
2024-04-15 CVE-2024-32125 Unspecified vulnerability in Ba-Booking BA Book Everything
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Booking Algorithms BA Book Everything.This issue affects BA Book Everything: from n/a through 1.6.4.
network
low complexity
ba-booking
8.8