Cross-site Scripting Vulnerability in Beds24 Online Booking by Markkinchin
CVE-2025-47489

6.5MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
7 May 2025

What is CVE-2025-47489?

The Beds24 Online Booking platform by Markkinchin is susceptible to a Cross-site Scripting (XSS) vulnerability that arises from improper input neutralization during web page generation. This could allow an attacker to execute malicious scripts in the context of a user's session, thereby compromising sensitive information and overall web security. This vulnerability affects versions of the product from n/a up to 2.0.29.

Affected Version(s)

Beds24 Online Booking <= 2.0.29

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peter Thaleikis (Patchstack Alliance)
.