CVE-2024-8274
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-8274 identifies a vulnerability in the WP Booking Calendar plugin for WordPress, affecting all versions up to and including 10.5, which is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization. This vulnerability allows unauthenticated attackers to inject malicious scripts into web pages, potentially compromising users who are tricked into clicking on malicious links. To remediate this issue, users should update the plugin to the latest version that addresses this vulnerability. The risk posed by this vulnerability has been rated as medium, with a CVSS base score of 6.1, indicating low integrity and confidentiality impacts but requiring user interaction for exploitation. Organizations using this plugin should prioritize updating it to mitigate potential security risks associated with this flaw.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.