57 matches found
CVE-2026-32540
CVE-2026-32540 is a reflected XSS in Bookly’s WordPress plugin (bookly-responsive-appointment-booking-tool) affecting versions up to and including 26.7. Root cause: improper input neutralization during web page generation. Exploitation details are not fully provided in the initial document, but t...
CVE-2026-32540 WordPress Bookly plugin <= 26.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bookly Bookly bookly-responsive-appointment-booking-tool allows Reflected XSS.This issue affects Bookly: from n/a through = 26.7...
WordPress Bookly plugin <= 26.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by ickogz in WordPress Plugin Bookly versions = 26.7...
CVE-2018-6891
Bookly 1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-paymentdetailsdialog.js...
EUVD-2023-23442
Malicious code in bioql PyPI...
EUVD-2023-23454
Malicious code in bioql PyPI...
CVE-2024-5584
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-1172
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
CVE-2023-1159
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary...
CVE-2024-5584
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-5584
CVE-2024-5584 : WordPress Bookly plugin (Bookly Online Booking and Scheduling) is vulnerable to a Stored XSS via the Color Profile parameter in all versions up to 23.2. Exploitation requires an authenticated attacker with staff/member role and Subscriber-level access or higher, enabling injection...
Wordpress Bookly plugin <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via Color Profile Parameter vulnerability discovered by 0xBishop in WordPress Plugin Bookly versions = 23.2...
WordPress Bookly Plugin <= 23.2 is vulnerable to Cross Site Scripting (XSS)
Software Bookly Type Plugin Vulnerable versions = 23.2 Fixed in 23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5584 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6392bd62a07f Credits 0xBishop Required privilege...
WordPress plugin Bookly 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
Bookly < 22.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. As an admin user, visit the Bookly...
WordPress Bookly Plugin < 22.4 is vulnerable to SQL Injection
Software Bookly Type Plugin Vulnerable versions 22.4 Fixed in 22.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-4691 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 87844051842a Credits Pablo Sanchez Required privilege Administrator Published 17...
CVE-2023-4691 Bookly < 22.4 - Admin+ SQLi
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
Bookly < 22.4 - Admin+ SQLi
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC Go to Bookly Settings Logs Do a search and intercept the request The parameter columns%5B0%5D%5Bdata%5D wit...
WordPress Bookly Plugin < 21.8 is vulnerable to Cross Site Scripting (XSS)
Software Bookly Type Plugin Vulnerable versions 21.8 Fixed in 21.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1159 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0b73bad90da8 Credits Vinay Kumar Required privilege...
CVE-2023-1159
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary...