CVE-2024-10893丨WP Booking Calendar < 10.6.5 - Admin+ 存储型 XSS

WP Booking Calendar < 10.6.5 - Admin+ 存储型 XSS (CVE-2024-10893) CVE编号 CVE-2024-10893 利用情况 暂无 补丁情况 N/A 披露时间 2024-12-03 漏洞描述 The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 解决建议 建议您更新当前系统或软件至最新版，完成漏洞的修复。 参考链接 https://wpscan.com/vulnerability/a230a552-3fda-4145-810f-58af540107db/