A vulnerability classified as problematic has been found in dwbooster Booking Calendar Contact Plugin up to 1.1.24 on WordPress. This vulnerability affects unknown code of the file admin.php of the component Administration Interface . The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2016-20084 . The attack can be initiated remotely. Additionally, an exploit exists.