WordPress Opal Hotel Room Booking plugin <= 1.2.7 - Stored Cross-Site Scripting (XSS) vulnerability
Software
Opal Hotel Room Booking
Vulnerable versions
<= 1.2.7
PSID
5a598010f868
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires contributor or higher role user authentication.
Publicly disclosed
2022-05-17
Patchstack vPatch available since
09.12.2021
Details
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Opal Hotel Room Booking plugin (versions <= 1.2.7).
Solution
Deactivate and delete. No reply from the vendor.
References
CVE-2022-29449
Plugin page