CVE Catalog
CVE-2026-57638
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.16%
6th percentile — higher than 6% of all known CVEs
Summary
Cross Site Scripting (XSS) vulnerability in Fluent Booking versions up to 2.1.0 allows an attacker to inject malicious JavaScript code through improperly sanitized contributor input.
Risk Assessment
An attacker can steal user sessions, redirect users to malicious sites, or perform other unauthorized actions in the context of the victim's browser.
Recommendation
Immediately update the Fluent Booking plugin to a version later than 2.1.0 that includes a fix for the XSS vulnerability.
Original NVD description (English source)
Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.

