WordPress Bus Ticket Booking Plugin XSS Vulnerability (CVSS 5.9)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Plugin Name: WordPress Bus Ticket Booking with Seat Reservation Plugin - Version Range: <= 5.3.5 - Vulnerability Type: Cross Site Scripting (XSS) - Risk Level: Low Priority - CVSS Score: 5.9 2. Vulnerability Impact: - Malicious attackers can inject malicious scripts, such as redirects, ads, and HTML payloads, which will execute when guests visit the website. 3. Solution: - Recommended Version: 5.3.6 or higher - Update Recommendation: Upgrade to version 5.3.6 or higher to remove the vulnerability. Patchstack users can enable automatic updates. 4. Detailed Information: - Software: Bus Ticket Booking with Seat Reservation Plugin - Type: Plugin - Affected Versions: <= 5.3.5 - Fixed Version: 5.3.6 5. Timeline: - Report Date: August 5, 2024 - Early Warning Sent: August 28, 2024 - Release Date: August 30, 2024 6. Additional Information: - Virtual Patch: Patchstack provides virtual patches that allow for quick vulnerability remediation without service interruption. - Virtual Patch: A virtual patch is a method to quickly fix vulnerabilities without disrupting services. - Known Exploits: Assistance is available if the website has already been compromised. - Subscription: Weekly WordPress security intelligence is delivered via email. This information helps users understand the severity, scope of impact, and how to resolve and prevent such vulnerabilities.

Goal Reached Thanks to every supporter — we hit 100%!

WordPress Bus Ticket Booking Plugin XSS Vulnerability (CVSS 5.9)