Medium severity6.1NVD Advisory· Published Apr 11, 2022· Updated Jun 17, 2026
CVE-2022-1007
CVE-2022-1007
Description
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Advanced Booking Calendardescription
- Range: <1.7.1
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changeset/2695427nvdPatchThird Party Advisory
- wpscan.com/vulnerability/6f5b764b-d13b-4371-9cc5-91204d9d6358nvdExploitPatchThird Party Advisory
News mentions
0No linked articles in our index yet.