Lucene search
+L

94 matches found

redhatcve
redhatcve
added 2025/05/23 8:49 a.m.4 views

CVE-2024-5584

The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5AI score0.0031EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 3:29 a.m.5 views

CVE-2023-26526

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1...

7.7CVSS6.8AI score0.00912EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 2:32 a.m.7 views

CVE-2023-1172

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

7.2CVSS5.9AI score0.00464EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 2:13 a.m.12 views

CVE-2023-1159

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary...

4.8CVSS5.8AI score0.00373EPSS
Exploits0References1
attackerkb
attackerkb
added 2024/06/11 10:15 a.m.3 views

CVE-2024-5584

The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.1AI score0.0031EPSS
Exploits0References3
cve
cve
added 2024/06/11 9:32 a.m.58 views

CVE-2024-5584

CVE-2024-5584 : WordPress Bookly plugin (Bookly Online Booking and Scheduling) is vulnerable to a Stored XSS via the Color Profile parameter in all versions up to 23.2. Exploitation requires an authenticated attacker with staff/member role and Subscriber-level access or higher, enabling injection...

6.4CVSS5.9AI score0.0031EPSS
Exploits0References2
patchstack
patchstack
added 2024/06/11 5:46 a.m.4 views

Wordpress Bookly plugin <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via Color Profile Parameter vulnerability discovered by 0xBishop in WordPress Plugin Bookly versions = 23.2...

6.4CVSS5.8AI score0.0031EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/06/11 12:0 a.m.7 views

WordPress Bookly Plugin <= 23.2 is vulnerable to Cross Site Scripting (XSS)

Software Bookly Type Plugin Vulnerable versions = 23.2 Fixed in 23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5584 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6392bd62a07f Credits 0xBishop Required privilege...

6.4CVSS5.6AI score0.0031EPSS
Exploits0References3Affected Software1
cnnvd
cnnvd
added 2024/06/11 12:0 a.m.4 views

WordPress plugin WordPress Online Booking and Scheduling Plugin - Bookly Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WordPress...

6.4CVSS5.9AI score0.0031EPSS
Exploits0References4
wpvulndb
wpvulndb
added 2024/06/10 12:0 a.m.13 views

WordPress Online Booking and Scheduling Plugin – Bookly < 23.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter

Description The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible f...

6.4CVSS5.7AI score0.0031EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2024/05/17 7:15 a.m.18 views

CVE-2023-26526

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1...

7.7CVSS7.5AI score0.00912EPSS
Exploits0References1
cve
cve
added 2024/05/17 6:41 a.m.55 views

CVE-2023-26526

CVE-2023-26526 affects WordPress Bookly plugin versions =21.8 to remediate.

7.7CVSS6.7AI score0.00912EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/05/17 6:41 a.m.17 views

CVE-2023-26526 WordPress Bookly plugin <= 21.7.1 - Authenticated Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1...

7.7CVSS6.8AI score0.00912EPSS
Exploits0References1
cvelist
cvelist
added 2024/05/17 6:41 a.m.30 views

CVE-2023-26526 WordPress Bookly plugin <= 21.7.1 - Authenticated Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1...

7.7CVSS7.5AI score0.00912EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/05/17 12:0 a.m.5 views

WordPress plugin Bookly 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

7.7CVSS8.8AI score0.00912EPSS
Exploits0References2
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.145 views

Bookly < 22.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. As an admin user, visit the Bookly...

4.8CVSS4.8AI score0.00451EPSS
Exploits2
patchstack
patchstack
added 2023/10/17 12:0 a.m.20 views

WordPress Bookly Plugin < 22.4 is vulnerable to SQL Injection

Software Bookly Type Plugin Vulnerable versions 22.4 Fixed in 22.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-4691 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 87844051842a Credits Pablo Sanchez Required privilege Administrator Published 17...

7.2CVSS6.8AI score0.00717EPSS
Exploits2References3Affected Software1
vulnrichment
vulnrichment
added 2023/10/16 7:39 p.m.6 views

CVE-2023-4691 Bookly < 22.4 - Admin+ SQLi

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2AI score0.00717EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.168 views

Bookly < 22.4 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin Go to Bookly Settings Logs Do a search and intercept the request The parameter columns%5B0%5D%5Bdata%5D with...

7.2CVSS7.3AI score0.00717EPSS
Exploits2
wpvulndb
wpvulndb
added 2023/09/25 12:0 a.m.17 views

Bookly < 22.4 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC Go to Bookly Settings Logs Do a search and intercept the request The parameter columns%5B0%5D%5Bdata%5D wit...

7.2CVSS7.2AI score0.00717EPSS
Exploits2Affected Software1
Rows per page
Query Builder