Beta

Report

DiveBook <= 1.1.4 is vulnerable to Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated
Published
2020-12-08

The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter).

CVE

https://www.cve.org/CVERecord?id=CVE-2020-14206

CVSS

Score:7.1

Severity:High

Version: 1.1.4

There is a patch available in v1.5.5 and we strongly recommend you update to this version as soon as possible.