cleantalk
Vulnerabilities and Security Researches

WP Booking Calendar, CVE-2025-64381

CVE, Research URL

CVE-2025-64381

Home page URL

Security reports for WP Booking Calendar

Application

WP Booking Calendar

Published on
Nov 13, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Calendar booking allows Stored XSS.This issue affects Booking Calendar: from n/a through <= 10.14.7.
Affected versions
max 10.14.8.
Status
vulnerable
Previous vulnerability researches
Magento 2 WordPress Integration (CVE-2025-58669) , Oct 11, 2025
New vulnerability
Perfect Brands for WooCommerce (CVE-2025-10144) , Dec 11, 2025
Async JavaScript (CVE-2020-36854) , Dec 11, 2025
WP-Iconics (CVE-2025-12671) , Dec 11, 2025
BigBuy Dropshipping Connector for WooCommerce (CVE-2025-12039) , Dec 11, 2025
WSChat &#8211; WordPress Live Chat (CVE-2025-12751) , Dec 11, 2025