All the vulnerabilites related to aviplugins.com - WP Booking
jvndb-2024-000050
Vulnerability from jvndb
Published
2024-05-24 13:41
Modified
2024-05-24 13:41
Severity ?
Summary
WordPress Plugin "WP Booking" vulnerable to cross-site scripting
Details
WordPress Plugin "WP Booking" provided by aviplugins.com contains a stored cross-site scripting vulnerability (CWE-79).
Daiki Sato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN35838128/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-35297 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| aviplugins.com | WP Booking |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000050.html",
"dc:date": "2024-05-24T13:41+09:00",
"dcterms:issued": "2024-05-24T13:41+09:00",
"dcterms:modified": "2024-05-24T13:41+09:00",
"description": "WordPress Plugin \"WP Booking\" provided by aviplugins.com contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nDaiki Sato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000050.html",
"sec:cpe": {
"#text": "cpe:/a:misc:aviplugins.com_wp_booking",
"@product": "WP Booking",
"@vendor": "aviplugins.com",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000050",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN35838128/index.html",
"@id": "JVN#35838128",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-35297",
"@id": "CVE-2024-35297",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "WordPress Plugin \"WP Booking\" vulnerable to cross-site scripting"
}
cve-2024-35297
Vulnerability from cvelistv5
Published
2024-05-27 04:40
Modified
2024-11-08 16:57
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability exists in WP Booking versions prior to 2.4.5. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| aviplugins.com | WP Booking |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T15:03:32.794287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T16:57:20.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/wp-easy-booking/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?new=3084990%40wp-easy-booking%2Ftrunk%2Fview%2Ffrontend%2Fbooking-locations.php\u0026old=2404687%40wp-easy-booking%2Ftrunk%2Fview%2Ffrontend%2Fbooking-locations.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN35838128/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Booking",
"vendor": "aviplugins.com",
"versions": [
{
"status": "affected",
"version": "prior to 2.4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in WP Booking versions prior to 2.4.5. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-27T04:40:54.654Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://wordpress.org/plugins/wp-easy-booking/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?new=3084990%40wp-easy-booking%2Ftrunk%2Fview%2Ffrontend%2Fbooking-locations.php\u0026old=2404687%40wp-easy-booking%2Ftrunk%2Fview%2Ffrontend%2Fbooking-locations.php"
},
{
"url": "https://jvn.jp/en/jp/JVN35838128/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-35297",
"datePublished": "2024-05-27T04:40:54.654Z",
"dateReserved": "2024-05-15T23:42:11.567Z",
"dateUpdated": "2024-11-08T16:57:20.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}