A Cross-Site Scripting (XSS) vulnerability was found in the WordPress Booking Ultra Pro Appointments Booking Calendar Plugin, versions 1.1.4 and earlier. The vulnerability, rated high severity with a CVSS score of 7.1, was discovered by TEAM WEBoB of BoB 11th and has not been fixed yet. It could allow malicious actors to inject harmful scripts, such as redirects, ads, and other HTML payloads, into a website. The page also lists three other known vulnerabilities for this plugin, including Cross-Site Request Forgery (CSRF) issues.
Users of Patchstack Pro, Defender Pro and WP-Firewall have been protected from this vulnerability since December 9, 2022.