Vulnerabilities > Bookingholdings > Booking COM Product Helper > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-08 | CVE-2021-24645 | Cross-site Scripting vulnerability in Bookingholdings Booking.Com Product Helper 1.0.0/1.0.1 The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 3.5 |