CVE-2024-8797

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 14, 2024
CWE ID 79

Summary

CVE-2024-8797 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WP Booking System – Booking Calendar plugin for WordPress, caused by improper URL handling and present in all versions up to and including 2.0.19.8. The flaw allows unauthenticated attackers to inject malicious scripts into web pages, potentially compromising users if they are tricked into clicking on a link. The vulnerability has a medium severity rating with a CVSS base score of 6.1 and requires user interaction for successful exploitation. To remediate this issue, users should update the plugin to the latest version that addresses this vulnerability. Organizations using affected versions of the plugin face risks related to user data integrity and potential hijacking of user sessions through XSS attacks.
