A vulnerability was found in WP Booking Calendar Plugin up to 10.2.1 on WordPress. It has been classified as problematic. Affected is the function bookingform of the component Shortcode Handler. The manipulation leads to cross site scripting.

This vulnerability is traded as CVE-2024-6930. It is possible to launch the attack remotely. There is no exploit available.