
57 matches found

Cvelist
added 2026/06/15 8:18 p.m. | 25 views

CVE-2026-42667 WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions...

7.5 CVSS | 0.00294 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/15 8:18 p.m. | 6 views

CVE-2026-42667 WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions...

7.5 CVSS | 5.2 AI score | 0.00294 EPSS
Exploits: 0 | References: 1

CVE
added 2026/06/15 8:18 p.m. | 12 views

CVE-2026-42667

The CVE details an unauthenticated sensitive data exposure in the WordPress Bookly plugin, version

7.5 CVSS | 5.2 AI score | 0.00294 EPSS
Exploits: 0 | References: 1

Patchstack
added 2026/06/15 9:35 a.m. | 9 views

WordPress Online Scheduling and Appointment Booking System – Bookly plugin <= 27.2 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Bookly versions <= 27.2...

7.2 CVSS | 5.2 AI score | 0.00312 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

GithubExploit
added 2026/06/14 7:53 a.m. | 98 views

Exploit for CVE-2026-5513

CVE-2026-5513 — Bookly ≤ 27.2 Stored XSS via Cookie...

7.2 CVSS | 5.5 AI score | 0.00312 EPSS
Exploits: 1

NVD
added 2026/06/13 12:16 p.m. | 13 views

CVE-2026-5513

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2 CVSS | 0.00312 EPSS
Exploits: 1 | References: 2

Cvelist
added 2026/06/13 11:25 a.m. | 32 views

CVE-2026-5513 Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2 CVSS | 0.00312 EPSS
Exploits: 1 | References: 2

CVE
added 2026/06/13 11:25 a.m. | 28 views

CVE-2026-5513

The Bookly WordPress plugin (Online Scheduling and Appointment Booking System) is vulnerable to Stored XSS in versions up to 27.2 via the bookly-customer-full-name cookie due to insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary scripts that execut...

7.2 CVSS | 5.5 AI score | 0.00312 EPSS
Exploits: 1 | References: 2

EUVD
added 2026/06/13 11:25 a.m. | 12 views

EUVD-2026-36651

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2 CVSS | 5.4 AI score | 0.00312 EPSS
Exploits: 1 | References: 2

Positive Technologies
added 2026/06/13 12:0 a.m. | 12 views

PT-2026-49091

Name of the Vulnerable Software and Affected Versions: Bookly versions prior to 27.3. Description: The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping...

7.2 CVSS | 5.5 AI score | 0.00312 EPSS
Exploits: 1 | References: 9

Patchstack
added 2026/05/10 3:20 p.m. | 6 views

WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Tiago Ventura @perses in WordPress Plugin Bookly versions <= 27.4...

5.8 AI score | 0.00294 EPSS
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2026/04/13 7:23 p.m. | 3 views

CVE-2026-2519

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configure...

5.3 CVSS | 5.7 AI score | 0.00452 EPSS
Exploits: 0 | References: 1

Patchstack
added 2026/04/09 11:53 p.m. | 4 views

WordPress Online Scheduling and Appointment Booking System - Bookly plugin <= 27.0 - Unauthenticated Price Manipulation via 'tips' vulnerability

WordPress Online Scheduling and Appointment Booking System - Bookly plugin <= 27.0 - Unauthenticated Price Manipulation via 'tips' vulnerability discovered by Youssef Elouaer in WordPress Plugin Bookly versions <= 27.0...

5.3 CVSS | 5.9 AI score | 0.00452 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/04/09 1:16 p.m. | 6 views

CVE-2026-2519

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configure...

5.3 CVSS | 0.00452 EPSS
Exploits: 0 | References: 6

CVE
added 2026/04/09 12:28 p.m. | 7 views

CVE-2026-2519

CVE-2026-2519: The Bookly plugin for WordPress (Online Scheduling and Appointment Booking System) up to version 27.0 is vulnerable to price manipulation via the 'tips' parameter. The vendor trusts user input without server-side validation against the configured price, enabling unauthenticated at...

5.3 CVSS | 5.8 AI score | 0.00452 EPSS
Exploits: 0 | References: 6

Cvelist
added 2026/04/09 12:28 p.m. | 21 views

CVE-2026-2519 Online Scheduling and Appointment Booking System – Bookly <= 27.0 - Unauthenticated Price Manipulation via 'tips'

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configure...

5.3 CVSS | 0.00452 EPSS
Exploits: 0 | References: 6

ATTACKERKB
added 2026/04/09 12:28 p.m. | 1 views

CVE-2026-2519

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configure...

5.3 CVSS | 5.8 AI score | 0.00452 EPSS
Exploits: 0 | References: 7

Positive Technologies
added 2026/04/09 12:0 a.m. | 4 views

PT-2026-31608

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configure...

5.3 CVSS | 5.8 AI score | 0.00452 EPSS
Exploits: 0 | References: 7

CNNVD
added 2026/04/09 12:0 a.m. | 5 views

WordPress plugin Bookly security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3 CVSS | 5.8 AI score | 0.00452 EPSS
Exploits: 0 | References: 7

CVE
added 2026/03/25 4:15 p.m. | 9 views

CVE-2026-32540

CVE-2026-32540 is a reflected XSS in Bookly’s WordPress plugin (bookly-responsive-appointment-booking-tool) affecting versions up to and including 26.7. Root cause: improper input neutralization during web page generation. Exploitation details are not fully provided in the initial document, but t...

7.1 CVSS | 5.8 AI score | 0.00146 EPSS
Exploits: 0 | References: 1