cleantalk
Vulnerabilities and Security Researches

Booking Package, CVE-2024-13508

CVE, Research URL

CVE-2024-13508

Home page URL

Security reports for Booking Package

Application

Booking Package

Published on
Feb 19, 2025
Research Description
The Booking Package plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the locale parameter in all versions up to, and including, 1.6.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 1.6.73.
Status
vulnerable
Previous vulnerability researches
Booking Package (CVE-2024-13508) , Feb 20, 2025
Booking Package (CVE-2021-20840) , Jun 06, 2024
Booking Package (CVE-2022-0709) , Jun 06, 2024
Booking Package (CVE-2023-37389) , Jun 06, 2024
Booking Package (CVE-2023-39918) , Jun 06, 2024
New vulnerability
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025
Content Egg (CVE-2025-47536) , Aug 02, 2025
Smart Slider 3 (CVE-2025-6348) , Aug 02, 2025
Realtyna Organic IDX plugin + WPL Real Estate (CVE-2025-54052) , Aug 02, 2025