Stored Cross-Site Scripting Vulnerability in Starboard Suite Reservation Calendars for WordPress
CVE-2025-13968
6.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 11 July 2026
What is CVE-2025-13968?
The Starboard Suite Reservation Calendars plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping in the shortcode attributes of the [starboard-suite-lightbox] shortcode. This flaw allows authenticated attackers, with at least Contributor-level access, to insert arbitrary web scripts into pages. These scripts execute whenever a user visits the affected page, potentially leading to unauthorized actions or data exposure.
Affected Version(s)
Starboard Suite Reservation Calendars 0 <= 3.1.4