CVE-2022-47438: WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS)
First published: Wed Mar 29 2023(Updated: )
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wpdevart Booking Calendar | <=3.2.3 |
Remedy
Update to 3.2.4 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-47438.
What is the severity level of CVE-2022-47438?
The severity level of CVE-2022-47438 is medium with a CVSS score of 5.4.
What is the affected software for CVE-2022-47438?
The affected software for CVE-2022-47438 is WpDevArt Booking calendar, Appointment Booking System plugin version up to 3.2.3.
What is the Common Vulnerabilities and Exposures (CVE) database reference for CVE-2022-47438?
The Common Vulnerabilities and Exposures (CVE) database reference for CVE-2022-47438 can be found at https://patchstack.com/database/vulnerability/booking-calendar/wordpress-booking-calendar-appointment-booking-system-plugin-3-2-3-cross-site-scripting-xss?_s_id=cve.
What is the CWE (Common Weakness Enumeration) ID for CVE-2022-47438?
The CWE ID for CVE-2022-47438 is CWE-79 (Improper Neutralization of Input During Web Page Generation).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/references
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- vendor/wpdevart
- canonical/wpdevart booking calendar
- version/wpdevart booking calendar/3.2.3