Vulnerabilities > Wpbookingcalendar > WP Booking Calendar > 8.7

DATE	CVE	VULNERABILITY TITLE	RISK
2025-05-17	CVE-2025-4669	Cross-site Scripting vulnerability in Wpbookingcalendar WP Booking Calendar The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all versions up to, and including, 10.11.1 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity wpbookingcalendar CWE-79	5.4
2024-10-04	CVE-2024-9306	Cross-site Scripting vulnerability in Wpbookingcalendar WP Booking Calendar The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. network low complexity wpbookingcalendar CWE-79	4.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.