CVE-2021-24232
Advanced Booking Calendar < 1.6.8 - Authenticated Reflected Cross-Site Scripting (XSS)
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
22 Apr 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue
Affected products
Unknown · Advanced Booking Calendar