94 matches found
CVE-2024-5584
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-26526
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1...
CVE-2023-1172
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
CVE-2023-1159
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary...
CVE-2024-5584
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-5584
CVE-2024-5584 : WordPress Bookly plugin (Bookly Online Booking and Scheduling) is vulnerable to a Stored XSS via the Color Profile parameter in all versions up to 23.2. Exploitation requires an authenticated attacker with staff/member role and Subscriber-level access or higher, enabling injection...
Wordpress Bookly plugin <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via Color Profile Parameter vulnerability discovered by 0xBishop in WordPress Plugin Bookly versions = 23.2...
WordPress Bookly Plugin <= 23.2 is vulnerable to Cross Site Scripting (XSS)
Software Bookly Type Plugin Vulnerable versions = 23.2 Fixed in 23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5584 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6392bd62a07f Credits 0xBishop Required privilege...
WordPress plugin WordPress Online Booking and Scheduling Plugin - Bookly Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WordPress...
WordPress Online Booking and Scheduling Plugin – Bookly < 23.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter
Description The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2023-26526
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1...
CVE-2023-26526
CVE-2023-26526 affects WordPress Bookly plugin versions =21.8 to remediate.
CVE-2023-26526 WordPress Bookly plugin <= 21.7.1 - Authenticated Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1...
CVE-2023-26526 WordPress Bookly plugin <= 21.7.1 - Authenticated Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1...
WordPress plugin Bookly 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
Bookly < 22.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. As an admin user, visit the Bookly...
WordPress Bookly Plugin < 22.4 is vulnerable to SQL Injection
Software Bookly Type Plugin Vulnerable versions 22.4 Fixed in 22.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-4691 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 87844051842a Credits Pablo Sanchez Required privilege Administrator Published 17...
CVE-2023-4691 Bookly < 22.4 - Admin+ SQLi
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
Bookly < 22.4 - Admin+ SQLi
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin Go to Bookly Settings Logs Do a search and intercept the request The parameter columns%5B0%5D%5Bdata%5D with...
Bookly < 22.4 - Admin+ SQLi
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC Go to Bookly Settings Logs Do a search and intercept the request The parameter columns%5B0%5D%5Bdata%5D wit...