The Webba Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting. The cause is that the plugin does not properly sanitize the input it receives or escape the output it sends out. As a result, someone with high-level access can inject harmful code into a page, and that code runs whenever someone views the page. This only affects websites with multiple pages and websites where the unfiltered_html capability has been turned off.
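The flaw class described above, shown as an added example that is not code from Webba Booking: a setting stored and echoed without filtering, next to a form that sanitizes on input and escapes on output. The option name, nonce action and every `example_` function are hypothetical, and the code assumes it is loaded inside WordPress.

```php
<?php
// Added illustration; hypothetical plugin code, not taken from Webba Booking.
// Assumes it is loaded inside WordPress (for example as a small plugin file).

// Vulnerable pattern: the raw request value is stored and later echoed as-is.
function example_save_notice_unsafe() {
    update_option( 'example_booking_notice', $_POST['example_booking_notice'] );
}
function example_render_notice_unsafe() {
    echo '<div class="notice">' . get_option( 'example_booking_notice' ) . '</div>';
}

// Hardened pattern: check capability and nonce, sanitize on input, escape on output.
function example_save_notice() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'example_save_notice' );

    $raw = isset( $_POST['example_booking_notice'] )
        ? wp_unslash( $_POST['example_booking_notice'] )
        : '';

    // Sanitize regardless of role: where unfiltered_html is disabled, even a
    // high-privilege user is not trusted to store script. wp_kses_post() keeps
    // only the post-content allow-list; a plain-text field would use
    // sanitize_text_field() instead.
    update_option( 'example_booking_notice', wp_kses_post( $raw ) );
}

function example_render_notice() {
    $notice = get_option( 'example_booking_notice', '' );
    // Filter again at output so values stored before the fix are neutralized too.
    echo '<div class="notice">' . wp_kses_post( $notice ) . '</div>';
}

function example_render_notice_field() {
    // Attribute context needs esc_attr(), not an HTML allow-list.
    $notice = get_option( 'example_booking_notice', '' );
    echo '<input type="text" name="example_booking_notice" value="'
        . esc_attr( $notice ) . '">';
}
```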