Stored Cross-site Scripting Vulnerability in Deetronix Booking Ultra Pro Product
CVE-2025-58633

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Booking Ultra Pro
Vendor
CVE Published:
3 September 2025

What is CVE-2025-58633?

A stored Cross-site Scripting (XSS) vulnerability exists in Deetronix Booking Ultra Pro that allows attackers to inject malicious scripts into web pages. This vulnerability affects versions of the product from n/a to 1.1.21, potentially enabling unauthorized users to execute harmful JavaScript in the context of the victim's session. It is crucial for users of Booking Ultra Pro to implement security measures and update to the latest version to mitigate this risk.

Affected Version(s)

Booking Ultra Pro <= 1.1.21

References

https://patchstack.com/database/wordpress/plugin/booking-...
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Muhammad Yudha - DJ (Patchstack Alliance)
.
CVE-2025-58633 : Stored Cross-site Scripting Vulnerability in Deetronix Booking Ultra Pro Product