Lucene search
K

57 matches found

CVE
CVE
added 2026/03/25 4:15 p.m.13 views

CVE-2026-32540

CVE-2026-32540 is a reflected XSS in Bookly’s WordPress plugin (bookly-responsive-appointment-booking-tool) affecting versions up to and including 26.7. Root cause: improper input neutralization during web page generation. Exploitation details are not fully provided in the initial document, but t...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:15 p.m.4 views

CVE-2026-32540 WordPress Bookly plugin <= 26.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bookly Bookly bookly-responsive-appointment-booking-tool allows Reflected XSS.This issue affects Bookly: from n/a through = 26.7...

5.8AI score0.00146EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/20 8:33 p.m.7 views

WordPress Bookly plugin <= 26.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by ickogz in WordPress Plugin Bookly versions = 26.7...

7.1CVSS5.8AI score0.00146EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:8 p.m.17 views

CVE-2018-6891

Bookly 1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-paymentdetailsdialog.js...

6.1CVSS5.7AI score0.01001EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-23442

Malicious code in bioql PyPI...

4.8CVSS6.4AI score0.00373EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-23454

Malicious code in bioql PyPI...

7.2CVSS6.9AI score0.00464EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:49 a.m.4 views

CVE-2024-5584

The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:32 a.m.7 views

CVE-2023-1172

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

7.2CVSS5.9AI score0.00464EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:13 a.m.12 views

CVE-2023-1159

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary...

4.8CVSS5.8AI score0.00373EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/06/11 10:15 a.m.3 views

CVE-2024-5584

The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.1AI score0.0031EPSS
Exploits0References3
CVE
CVE
added 2024/06/11 9:32 a.m.58 views

CVE-2024-5584

CVE-2024-5584 : WordPress Bookly plugin (Bookly Online Booking and Scheduling) is vulnerable to a Stored XSS via the Color Profile parameter in all versions up to 23.2. Exploitation requires an authenticated attacker with staff/member role and Subscriber-level access or higher, enabling injection...

6.4CVSS5.9AI score0.0031EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/06/11 5:46 a.m.4 views

Wordpress Bookly plugin <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via Color Profile Parameter vulnerability discovered by 0xBishop in WordPress Plugin Bookly versions = 23.2...

6.4CVSS5.8AI score0.0031EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/11 12:0 a.m.7 views

WordPress Bookly Plugin <= 23.2 is vulnerable to Cross Site Scripting (XSS)

Software Bookly Type Plugin Vulnerable versions = 23.2 Fixed in 23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5584 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6392bd62a07f Credits 0xBishop Required privilege...

6.4CVSS5.6AI score0.0031EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.5 views

WordPress plugin Bookly 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

7.7CVSS8.8AI score0.00912EPSS
Exploits0References2
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.145 views

Bookly < 22.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. As an admin user, visit the Bookly...

4.8CVSS4.8AI score0.00451EPSS
Exploits2
Patchstack
Patchstack
added 2023/10/17 12:0 a.m.20 views

WordPress Bookly Plugin < 22.4 is vulnerable to SQL Injection

Software Bookly Type Plugin Vulnerable versions 22.4 Fixed in 22.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-4691 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 87844051842a Credits Pablo Sanchez Required privilege Administrator Published 17...

7.2CVSS6.8AI score0.00717EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/16 7:39 p.m.6 views

CVE-2023-4691 Bookly < 22.4 - Admin+ SQLi

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2AI score0.00717EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/09/25 12:0 a.m.17 views

Bookly < 22.4 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC Go to Bookly Settings Logs Do a search and intercept the request The parameter columns%5B0%5D%5Bdata%5D wit...

7.2CVSS7.2AI score0.00717EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2023/06/22 12:0 a.m.10 views

WordPress Bookly Plugin < 21.8 is vulnerable to Cross Site Scripting (XSS)

Software Bookly Type Plugin Vulnerable versions 21.8 Fixed in 21.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1159 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0b73bad90da8 Credits Vinay Kumar Required privilege...

4.8CVSS5.8AI score0.00373EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/06/02 7:15 a.m.3 views

CVE-2023-1159

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary...

4.8CVSS6.7AI score0.00373EPSS
Exploits0References2
Rows per page
Query Builder