4 matches found
CVE-2026-32540
CVE-2026-32540 is a reflected XSS in Bookly’s WordPress plugin (bookly-responsive-appointment-booking-tool) affecting versions up to and including 26.7. Root cause: improper input neutralization during web page generation. Exploitation details are not fully provided in the initial document, but t...
CVE-2026-32540 WordPress Bookly plugin <= 26.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bookly Bookly bookly-responsive-appointment-booking-tool allows Reflected XSS.This issue affects Bookly: from n/a through = 26.7...
WordPress Bookly Plugin <= 23.2 is vulnerable to Cross Site Scripting (XSS)
Software Bookly Type Plugin Vulnerable versions = 23.2 Fixed in 23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5584 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6392bd62a07f Credits 0xBishop Required privilege...
CVE-2023-26526 WordPress Bookly plugin <= 21.7.1 - Authenticated Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1...