cleantalk
Vulnerabilities and Security Researches

My Reservation System, CVE-2025-7022

CVE, Research URL

CVE-2025-7022

Home page URL

Security reports for My Reservation System

Application

My Reservation System

Published on
Jul 25, 2025
Research Description
The My Reservation System WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected versions
Min -, max 2.3.
Status
vulnerable
Previous vulnerability researches
Snow Storm (b9155ea27a956bb6aecadd924fc7ba8cfeaf37c3) , Mar 22, 2025
Snow Storm (CVE-2025-30858) , Apr 05, 2025
New vulnerability
WP Tournament Registration (CVE-2025-6690) , Aug 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-8100) , Aug 06, 2025
Online Booking & Scheduling Calendar for WordPress by vcita (CVE-2025-54676) , Aug 06, 2025
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2025-54667) , Aug 06, 2025
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2025-54668) , Aug 06, 2025