Lucene search
K

57 matches found

OSV
OSV
added 2023/06/02 7:15 a.m.3 views

CVE-2023-1159

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary...

4.8CVSS6.7AI score0.00373EPSS
Exploits0References2
Prion
Prion
added 2023/06/02 7:15 a.m.14 views

Cross site scripting

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary...

4.3CVSS4.7AI score0.00373EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/02 6:6 a.m.23 views

CVE-2023-1159

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary...

4CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2023/06/02 6:6 a.m.63 views

CVE-2023-1159

CVE-2023-1159 (Bookly WordPress plugin) stores scripts via service titles, allowing authenticated admins to inject XSS on pages. Affects Bookly up to version 21.5, with multisite and unfiltered_html-disabled installations at risk. Remediation: upgrade to a version >21.5 (Wordfence/Patchstack n...

4.8CVSS4.9AI score0.00373EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/02 12:0 a.m.14 views

PT-2023-16789 · WordPress · Bookly

Name of the Vulnerable Software and Affected Versions: Bookly plugin for WordPress versions up to, and including, 21.5 Description: The issue is related to Stored Cross-Site Scripting via service titles due to insufficient input sanitization and output escaping. This allows authenticated attacker...

4.8CVSS5.4AI score0.00373EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2023/06/01 12:0 a.m.28 views

Bookly < 21.8 - Admin+ Stored Cross-Site Scripting via service titles

The plugin does not sanitize and escape service titles in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

4.8CVSS6.6AI score0.00373EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/05/11 12:0 a.m.11 views

WordPress Bookly Plugin <= 21.7.1 is vulnerable to Arbitrary File Deletion

Software Bookly Type Plugin Vulnerable versions = 21.7.1 Fixed in 21.8 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-26526 Patch priority Medium CVSS severity Medium 7.7 Developer Claim ownership PSID a06cfd6ac407 Credits Rafie Muhammad Patchstack...

7.7CVSS6.5AI score0.00912EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/03/20 12:0 a.m.16 views

WordPress Bookly Plugin <= 21.5 is vulnerable to Cross Site Scripting (XSS)

Software Bookly Type Plugin Vulnerable versions = 21.5 Fixed in 21.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1172 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID bf269ba04df0 Credits Vinay Kumar Required privilege...

7.2CVSS5.6AI score0.00464EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/03/17 1:15 p.m.2 views

CVE-2023-1172

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

6.1CVSS6.9AI score0.00464EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/03/17 1:15 p.m.5 views

CVE-2023-1172

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

7.2CVSS7AI score0.00464EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/03/17 1:15 p.m.15 views

Cross site scripting

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

5.8CVSS5.8AI score0.00464EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/17 12:20 p.m.6 views

CVE-2023-1172

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

7.2CVSS6.3AI score0.00464EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/17 12:0 a.m.4 views

PT-2023-16798 · WordPress · Bookly

Name of the Vulnerable Software and Affected Versions: Bookly plugin for WordPress versions up to, and including, 21.5 Description: The issue is related to Stored Cross-Site Scripting via the full name value due to insufficient input sanitization and output escaping. This allows unauthenticated...

7.2CVSS6.2AI score0.00464EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/03/17 12:0 a.m.6 views

WordPress Plugin Bookly 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...

7.2CVSS6.8AI score0.00464EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/10 12:0 a.m.5 views

WordPress plugin Bookly 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.8CVSS6.6AI score0.00373EPSS
Exploits0References3
Patchstack
Patchstack
added 2021/11/08 12:0 a.m.17 views

WordPress Bookly plugin <= 20.3 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Mesut Cetin in WordPress Bookly plugin versions = 20.3. Solution Update the WordPress Bookly plugin to the latest available version at least 20.3.1...

5.4CVSS1.9AI score0.00604EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2018/02/11 12:0 a.m.9 views

PT-2018-17806 · WordPress · Bookly

Name of the Vulnerable Software and Affected Versions: Bookly 1 WordPress Booking Plugin Lite versions prior to 14.5 Description: The issue concerns a cross-site scripting XSS flaw. It is triggered by a jQuery.ajax request to the ng-payment details dialog.js file. Recommendations: For Bookly 1...

6.1CVSS5.9AI score0.01001EPSS
Exploits2References4
Rows per page
Query Builder