CVE-2023-4620

Summary

CVE-2023-4620 is a vulnerability that affects the Booking Calendar WordPress plugin before version 9.7.3.1. It allows unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators due to the plugin's failure to sanitize and escape certain booking data. This vulnerability has a risk score of 25 and a base severity of MEDIUM, according to NVD. The exploitability score is 2.8, and the base score is 6.1. No privileges are required for exploitation, but user interaction is required, and the attack vector is through the network. The potential impact includes low integrity and confidentiality impacts, with no availability impact. The affected products include various versions of the Booking Calendar WordPress plugin, posing a potential danger to organizations using this plugin on their websites. To remediate this vulnerability, users should update their Booking Calendar plugin to version 9.7.3.1 or later versions that address this issue. Note: The above summary provides factual information based on the given text but does not include any analysis or opinions about the vulnerability or its implications for organizations using the affected products.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.