Stored Cross-site Scripting Vulnerability in FAT Services Booking by Roninwp
CVE-2024-54220

Currently unrated

Key Information:

Vendor: Roninwp
Status: FAT Services Booking
Vendor: CVE Published:; 9 December 2024

What is CVE-2024-54220?

A stored Cross-site Scripting (XSS) vulnerability has been identified in the FAT Services Booking plugin by Roninwp. This issue allows attackers to inject malicious scripts that are stored on the server and executed when users access affected web pages. The vulnerability affects versions of the FAT Services Booking plugin, enabling unauthorized users to exploit the input processing of the plugin, leading to potential data theft or unauthorized actions on behalf of users. It is crucial for users of this plugin to ensure they are using the latest patched version to mitigate this security risk.

References

https://patchstack.com/database/wordpress/plugin/fat-serv...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2024

JSON