CVE-2023-1159
CVE-2023-1159 (Bookly WordPress plugin) stores scripts via service titles, allowing authenticated admins to inject XSS on pages. Affects Bookly up to version 21.5, with multisite and unfiltered_html-disabled installations at risk. Remediation: upgrade to a version >21.5 (Wordfence/Patchstack n...