Title: Security vulnerabilities Last modified: March 7, 2022 --- # Security vulnerabilities * Resolved [siiimon](https://wordpress.org/support/users/siiimon/) * (@siiimon) * [4 years, 3 months ago](https://wordpress.org/support/topic/security-vulnerabilities-9/) * I’m getting reports of security vulnerabilities with this plugin ie. - WordPress Booking Calendar Plugin <= 6.2 – Reflected Cross Site Scripting WordPress Booking Calendar Plugin 6.2 – SQL Injection WordPress Booking Calendar Plugin 4.1.4 – CSRF * I have updated the plugin and even tried downloading and installing the latest package from the developers website. These measures have not worked. Is anyone else getting this and/or know of a fix? Viewing 6 replies - 1 through 6 (of 6 total) * Plugin Author [wpdevart](https://wordpress.org/support/users/wpdevart/) * (@wpdevart) * [4 years, 3 months ago](https://wordpress.org/support/topic/security-vulnerabilities-9/#post-15434933) * Hi [@siiimon](https://wordpress.org/support/users/siiimon/). * Could you tell us how did you test our plugin? * Can you send us more details? * We did not notice such problems. * Thanks. * Thread Starter [siiimon](https://wordpress.org/support/users/siiimon/) * (@siiimon) * [4 years, 3 months ago](https://wordpress.org/support/topic/security-vulnerabilities-9/#post-15435654) * Hi there – thanks for looking at this. The issue arose from a Vulnerability scan undertaken by a Plesk install earlier today. I believe the service uses Patchstack ie. [https://patchstack.com/database/vulnerability/booking-calendar/wordpress-booking-calendar-plugin-6-2-reflected-cross-site-scripting](https://patchstack.com/database/vulnerability/booking-calendar/wordpress-booking-calendar-plugin-6-2-reflected-cross-site-scripting) * Plugin Author [wpdevart](https://wordpress.org/support/users/wpdevart/) * (@wpdevart) * [4 years, 3 months ago](https://wordpress.org/support/topic/security-vulnerabilities-9/#post-15438575) * Hi [@siiimon](https://wordpress.org/support/users/siiimon/). * Okay, we will check it, and then we will let you know. * Thanks. * Thread Starter [siiimon](https://wordpress.org/support/users/siiimon/) * (@siiimon) * [4 years, 3 months ago](https://wordpress.org/support/topic/security-vulnerabilities-9/#post-15439506) * Thanks very much. * Plugin Author [wpdevart](https://wordpress.org/support/users/wpdevart/) * (@wpdevart) * [4 years, 1 month ago](https://wordpress.org/support/topic/security-vulnerabilities-9/#post-15572468) * Hi. * We think it’s a bug or it was another plugin previously registered with the slug our plugin currently has, so we’ll close this topic. * Thanks. * Thread Starter [siiimon](https://wordpress.org/support/users/siiimon/) * (@siiimon) * [4 years, 1 month ago](https://wordpress.org/support/topic/security-vulnerabilities-9/#post-15572760) * Ok. Thanks for looking into the issue. Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Security vulnerabilities’ is closed to new replies. * ![](https://ps.w.org/booking-calendar/assets/icon-128x128.png?rev=1307202) * [Booking calendar, Appointment Booking System](https://wordpress.org/plugins/booking-calendar/) * [Frequently Asked Questions](https://wordpress.org/plugins/booking-calendar/#faq) * [Support Threads](https://wordpress.org/support/plugin/booking-calendar/) * [Active Topics](https://wordpress.org/support/plugin/booking-calendar/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/booking-calendar/unresolved/) * [Reviews](https://wordpress.org/support/plugin/booking-calendar/reviews/) * 6 replies * 2 participants * Last reply from: [siiimon](https://wordpress.org/support/users/siiimon/) * Last activity: [4 years, 1 month ago](https://wordpress.org/support/topic/security-vulnerabilities-9/#post-15572760) * Status: resolved