CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/15 8:18 p.m.•9 views

EUVD-2026-36832

Unauthenticated Sensitive Data Exposure in Bookly = 27.4 versions...

Cvelist•added 2026/06/15 8:18 p.m.•25 views

CVE-2026-42667 WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bookly = 27.4 versions...

7.5CVSS0.00294EPSS

Vulnrichment•added 2026/06/15 8:18 p.m.•6 views

CVE-2026-42667 WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bookly = 27.4 versions...

CVE•added 2026/06/15 8:18 p.m.•13 views

CVE-2026-42667

The CVE details an unauthenticated sensitive data exposure in the WordPress Bookly plugin, version

Patchstack•added 2026/06/15 9:35 a.m.•9 views

WordPress Online Scheduling and Appointment Booking System – Bookly plugin <= 27.2 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Bookly versions = 27.2...

7.2CVSS5.2AI score0.00312EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2026/06/15 12:0 a.m.•8 views

PT-2026-49458

Unauthenticated Sensitive Data Exposure in Bookly = 27.4 versions...

GithubExploit•added 2026/06/14 7:53 a.m.•99 views

Exploits0References2

Exploit for CVE-2026-5513

CVE-2026-5513 — Bookly ≤ 27.2 Stored XSS via Cookie...

NVD•added 2026/06/13 12:16 p.m.•13 views

Exploits1

CVE-2026-5513

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00312EPSS

Vulnrichment•added 2026/06/13 11:25 a.m.•9 views

CVE-2026-5513 Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie

Cvelist•added 2026/06/13 11:25 a.m.•32 views

CVE-2026-5513 Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie

7.2CVSS0.00312EPSS

CVE•added 2026/06/13 11:25 a.m.•28 views

CVE-2026-5513

The Bookly WordPress plugin (Online Scheduling and Appointment Booking System) is vulnerable to Stored XSS in versions up to 27.2 via the bookly-customer-full-name cookie due to insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary scripts that execut...

EUVD•added 2026/06/13 11:25 a.m.•12 views

EUVD-2026-36651

7.2CVSS5.4AI score0.00312EPSS

Positive Technologies•added 2026/06/13 12:0 a.m.•12 views

PT-2026-49091

Name of the Vulnerable Software and Affected Versions Bookly versions prior to 27.3 Description The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping...

Patchstack•added 2026/05/10 3:20 p.m.•7 views

Exploits1References9

WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Tiago Ventura @perses in WordPress Plugin Bookly versions = 27.4...

5.8AI score0.00294EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/04/13 7:23 p.m.•5 views

CVE-2026-2519

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configure...

5.3CVSS5.7AI score0.00452EPSS