CVE-2021-24232

Advanced Booking Calendar < 1.6.8 - Authenticated Reflected Cross-Site Scripting (XSS)

EPSS 0.6% | CWE-79
Vexday Risk Score
3 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS | EPSS 0.6% | KEV no | PoC | Nuclei | Metasploit | Patch
Lifecycle
22 Apr 2021: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue.