CVE-2024-9458

MEDIUM

Reservit Hotel - XSS

Title source: rule

Description

The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Exploits (1)

exploitdb WRITEUP

by Ilteris Kaan Pehlivan · textwebappsphp

https://www.exploit-db.com/exploits/52133

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/1157d6ae-af8b-4508-97e9-b9e86f612550/

Scores

CVSS v3 4.8

EPSS 0.0090

EPSS Percentile 75.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

reservit/reservit_hotel 2.1

Published Mar 07, 2025

Tracked Since Feb 18, 2026