CVE-2024-8274

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 30, 2024
Updated: Sep 3, 2024
CWE ID 79

Summary

CVE-2024-8274 identifies a vulnerability in the WP Booking Calendar plugin for WordPress, affecting all versions up to and including 10.5, which is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization. This vulnerability allows unauthenticated attackers to inject malicious scripts into web pages, potentially compromising users who are tricked into clicking on malicious links. To remediate this issue, users should update the plugin to the latest version that addresses this vulnerability. The risk posed by this vulnerability has been rated as medium, with a CVSS base score of 6.1, indicating low integrity and confidentiality impacts but requiring user interaction for exploitation. Organizations using this plugin should prioritize updating it to mitigate potential security risks associated with this flaw.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share