A medium-severity vulnerability, CVE-2024-13455, was detected in the igumbi Online Booking plugin for WordPress, versions 1.40 and prior. Because of insufficient input sanitization and output escaping, authenticated attackers with contributor-level access and above can exploit Stored Cross-Site Scripting (XSS) via the ‘igumbi_calendar’ shortcode, injecting arbitrary web scripts that execute whenever a user accesses an affected page. To address this issue, users should upgrade the igumbi Online Booking plugin to version 1.41. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13455.
WordPress: Stored Cross-Site Scripting Vulnerability in igumbi Online Booking Plugin
by the Hossted team
21.02.2025