CVE-2023-51520

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 1, 2024

Updated: Feb 6, 2024

CWE ID 79

Summary

CVE-2023-51520 is an Cross-Site Scripting (XSS) vulnerability impacting the WP Booking Calendar plugin before version 9.7.4 by WPdevelop. Malicious actors can exploit this Improper Neutralization of Input During Web Page Generation issue to inject and execute malicious scripts in users' browsers, potentially stealing sensitive information or spreading malware. This stored XSS vulnerability poses a serious threat to websites utilizing the affected WP Booking Calendar plugin.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t3xlC_
https://www.cve.org/CVERecord?id=CVE-2023-51520
https://nvd.nist.gov/vuln/detail/CVE-2023-51520

Back to Vulnerability Database

CVE-2023-51520

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations