CVE-2025-4669 – WordPress Booking Calendar Stored Cross-Site Scripting (XSS) Vulnerability

May 17, 2025

CVE ID : CVE-2025-4669

Published : May 17, 2025, 12:15 p.m. | 53 minutes ago

Description : The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpbc shortcode in all versions up to, and including, 10.11.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-40906 – MongoDB BSON Serialization BSON::XS Multiple Vulnerabilities

Next Article CVE-2025-3527 – WordPress EventON Pro Stored Cross-Site Scripting (XSS)

Highlights

CVE-2025-25014 (CVSS 9.1): Prototype Pollution in Kibana Opens Door to Code Execution

May 7, 2025

CVE-2025-25014 (CVSS 9.1): Prototype Pollution in Kibana Opens Door to Code Execution

Elastic has issued a critical security advisory for Kibana, warning users of a vulnerability tracked as CVE-2025-25014. Scoring a CVSS of 9.1, this flaw stems from a prototype pollution vulnerability …
Read more

Published Date:
May 07, 2025 (3 hours, 11 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-25014

CVE-2024-12556

CVE-2025-25015

CVE-2024-43707

CVE-2024-11120

CVE-2024-37285

CVE-2024-37288

CVE-2024-37287

CVE-2024-6047

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Microsoft has closed its “Experience Center” store in Sydney, Australia — as it ramps up a continued digital growth campaign

Bing Search APIs to be “decommissioned completely” as Microsoft urges developers to use its Azure agentic AI alternative

Microsoft might kill the Surface Laptop Studio as production is quietly halted

Minecraft licensing robbed us of this controversial NFL schedule release video

The power of generators

The power of generators

Simplify Factory Associations with Laravel’s UseFactory Attribute

This Week in Laravel: React Native, PhpStorm Junie, and more

Microsoft has closed its “Experience Center” store in Sydney, Australia — as it ramps up a continued digital growth campaign

Microsoft has closed its “Experience Center” store in Sydney, Australia — as it ramps up a continued digital growth campaign

Bing Search APIs to be “decommissioned completely” as Microsoft urges developers to use its Azure agentic AI alternative

Microsoft might kill the Surface Laptop Studio as production is quietly halted

CVE-2025-4669 – WordPress Booking Calendar Stored Cross-Site Scripting (XSS) Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-4831 – TOTOLINK HTTP POST Request Handler Buffer Overflow Vulnerability

PowerToys next new feature is a handy transcoder for audio and video files

4 ways you can take advantage of Google’s expanded shopping tools this summer

Neutralinojs 5.3 released!

Red Hat In-Vehicle OS raggiunge un nuovo livello di compatibilità per portare Linux sulle automobili

CVE-2025-25014 (CVSS 9.1): Prototype Pollution in Kibana Opens Door to Code Execution

Bringing the End-User into the AI Picture

Rite Aid Discloses Major Data Breach After Cyberattack by RansomHub

Replicating CSS Object-Fit in WebGL: Optimized Techniques for Image Scaling and Positioning

CVE-2025-4669 – WordPress Booking Calendar Stored Cross-Site Scripting (XSS) Vulnerability

Related Posts