Booking.com Banner Creator <= 1.4.2 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability

Administrator

Published
2021-10-04

The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24646

CVSS

Score:4.8

Severity:Medium

Version: 1.4.2

There is a patch available in v1.4.3 and we strongly recommend you update to this version as soon as possible.