CVE-2025-12804 | Booking Calendar Plugin up to 10.14.6 on WordPress Shortcode bookingcalendar cross site scripting

A vulnerability has been found in Booking Calendar Plugin up to 10.14.6 on WordPress and classified as problematic. Affected is the function bookingcalendar of the component Shortcode Handler. This manipulation causes cross site scripting.

This vulnerability is tracked as CVE-2025-12804. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More