cleantalk
Vulnerabilities and Security Researches

Beds24 Online Booking, CVE-2024-10177

CVE, Research URL

CVE-2024-10177

Home page URL

Security reports for Beds24 Online Booking

Application

Beds24 Online Booking

Published on
Nov 21, 2024
Research Description
The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's beds24-link shortcode in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.0.26.
Status
vulnerable
Previous vulnerability researches
Beds24 Online Booking (CVE-2025-32155) , Apr 06, 2025
Beds24 Online Booking (CVE-2024-51664) , Nov 05, 2024
Beds24 Online Booking (CVE-2023-52228) , Jun 07, 2024
Beds24 Online Booking (CVE-2024-24717) , Jun 07, 2024
Beds24 Online Booking (CVE-2024-10177) , Nov 22, 2024
New vulnerability
Church Admin (CVE-2025-39555) , Apr 18, 2025
Zephyr Project Manager (CVE-2025-39552) , Apr 18, 2025
Integration for WooCommerce and QuickBooks (CVE-2025-39600) , Apr 18, 2025
GB Gallery Slideshow (CVE-2025-32649) , Apr 18, 2025
Question Answer (CVE-2025-32646) , Apr 18, 2025