Cross-site Scripting Vulnerability in CodePeople Booking Calendar Contact Form
CVE-2025-24723

5.9MEDIUM

Key Information:

Vendor: Codepeople
Status: Booking Calendar Contact Form
Vendor: CVE Published:; 24 January 2025

Summary

A Cross-site Scripting vulnerability exists in the CodePeople Booking Calendar Contact Form plugin that allows attackers to inject malicious scripts into web pages viewed by other users. This Stored XSS issue impacts versions from n/a up to 1.2.55, making it essential for users to update their plugins to avoid potential exploitation that could compromise user data and site integrity.

Affected Version(s)

Booking Calendar Contact Form <= 1.2.55

References

https://patchstack.com/database/wordpress/plugin/booking-...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 24, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Nguyễn Khánh Hào (Patchstack Alliance)