cleantalk
Vulnerabilities and Security Researches

Bus Ticket Booking with Seat Reservation – WpBusTicketly | WordPress plugin, CVE-2023-4067

CVE, Research URL

CVE-2023-4067

Home page URL

Security reports for Bus Ticket Booking with Seat Reservation – WpBusTicketly | WordPress plugin

Application

Bus Ticket Booking with Seat Reservation – WpBusTicketly | WordPress plugin

Published on
Aug 02, 2023
Research Description
The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab_date' and 'tab_date_r' parameters in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 5.2.4.
Status
vulnerable
Previous vulnerability researches
Bus Ticket Booking with Seat Reservation – WpBusTicketly | WordPress plugin (CVE-2024-49294) , Jan 09, 2025
Bus Ticket Booking with Seat Reservation – WpBusTicketly | WordPress plugin (CVE-2026-27095) , Mar 30, 2026
Bus Ticket Booking with Seat Reservation – WpBusTicketly | WordPress plugin (CVE-2023-4067) , Jun 06, 2024
Bus Ticket Booking with Seat Reservation – WpBusTicketly | WordPress plugin (CVE-2023-30496) , Jun 06, 2024
Bus Ticket Booking with Seat Reservation – WpBusTicketly | WordPress plugin (CVE-2024-43985) , Sep 01, 2024
New vulnerability
File Manager Pro – Filester , Mar 30, 2026
Simple Author Box , Mar 30, 2026
Customizable WordPress Gallery Plugin – Modula Image Gallery , Mar 30, 2026
Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin , Mar 30, 2026
Product Feed PRO for WooCommerce (CVE-2026-32443) , Mar 30, 2026