57 matches found
CVE-2023-1159
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary...
Cross site scripting
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary...
CVE-2023-1159
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary...
CVE-2023-1159
CVE-2023-1159 (Bookly WordPress plugin) stores scripts via service titles, allowing authenticated admins to inject XSS on pages. Affects Bookly up to version 21.5, with multisite and unfiltered_html-disabled installations at risk. Remediation: upgrade to a version >21.5 (Wordfence/Patchstack n...
PT-2023-16789 · WordPress · Bookly
Name of the Vulnerable Software and Affected Versions: Bookly plugin for WordPress versions up to, and including, 21.5 Description: The issue is related to Stored Cross-Site Scripting via service titles due to insufficient input sanitization and output escaping. This allows authenticated attacker...
Bookly < 21.8 - Admin+ Stored Cross-Site Scripting via service titles
The plugin does not sanitize and escape service titles in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...
WordPress Bookly Plugin <= 21.7.1 is vulnerable to Arbitrary File Deletion
Software Bookly Type Plugin Vulnerable versions = 21.7.1 Fixed in 21.8 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-26526 Patch priority Medium CVSS severity Medium 7.7 Developer Claim ownership PSID a06cfd6ac407 Credits Rafie Muhammad Patchstack...
WordPress Bookly Plugin <= 21.5 is vulnerable to Cross Site Scripting (XSS)
Software Bookly Type Plugin Vulnerable versions = 21.5 Fixed in 21.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1172 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID bf269ba04df0 Credits Vinay Kumar Required privilege...
CVE-2023-1172
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
CVE-2023-1172
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
Cross site scripting
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
CVE-2023-1172
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
PT-2023-16798 · WordPress · Bookly
Name of the Vulnerable Software and Affected Versions: Bookly plugin for WordPress versions up to, and including, 21.5 Description: The issue is related to Stored Cross-Site Scripting via the full name value due to insufficient input sanitization and output escaping. This allows unauthenticated...
WordPress Plugin Bookly 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...
WordPress plugin Bookly 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Bookly plugin <= 20.3 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Mesut Cetin in WordPress Bookly plugin versions = 20.3. Solution Update the WordPress Bookly plugin to the latest available version at least 20.3.1...
PT-2018-17806 · WordPress · Bookly
Name of the Vulnerable Software and Affected Versions: Bookly 1 WordPress Booking Plugin Lite versions prior to 14.5 Description: The issue concerns a cross-site scripting XSS flaw. It is triggered by a jQuery.ajax request to the ng-payment details dialog.js file. Recommendations: For Bookly 1...