CVE Catalog

CVE-2026-57638

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

Cross Site Scripting (XSS) vulnerability in Fluent Booking versions up to 2.1.0 allows an attacker to inject malicious JavaScript code through improperly sanitized contributor input.

Risk Assessment

An attacker can steal user sessions, redirect users to malicious sites, or perform other unauthorized actions in the context of the victim's browser.

Recommendation

Immediately update the Fluent Booking plugin to a version later than 2.1.0 that includes a fix for the XSS vulnerability.

Original NVD description (English source)

Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS