Cross-Site Scripting Vulnerability in DesignThemes Reservation Plugin
CVE-2025-64221

Currently unrated

Key Information:

Vendor

WordPress
Status
Reservation Plugin
Vendor
CVE Published:
18 December 2025

What is CVE-2025-64221?

An improper neutralization of input during the web page generation process has led to a Cross-Site Scripting (XSS) vulnerability in the DesignThemes Reservation Plugin. This vulnerability allows attackers to execute arbitrary JavaScript in the context of the user's session, potentially leading to data theft, unauthorized actions, or exposure of sensitive information. All versions of the plugin up to and including 1.6 are affected by this issue, which could be exploited when users access specially crafted URLs.

Affected Version(s)

Reservation Plugin <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/dt-r...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bonds | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64221 : Cross-Site Scripting Vulnerability in DesignThemes Reservation Plugin