CVE-2024-8663

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 13, 2024
CWE ID 79

Summary

CVE-2024-8663 is a reflected cross-site scripting (XSS) vulnerability in the WP Simple Booking Calendar plugin for WordPress, affecting all versions up to and including 2.0.10. It allows unauthenticated attackers to inject arbitrary web scripts into pages; the scripts execute if a user is misled into clicking a malicious link. To remediate this issue, update the plugin to the latest version released after 2.0.10, which addresses this flaw. The vulnerability's severity is rated medium, with an exploitability score of 2.8: user interaction is required for successful exploitation, and the integrity and confidentiality impacts are low. Organizations using this plugin should act promptly to mitigate the risk.
