2 matches found
CVE-2023-5209 Bookly < 22.5 - Admin+ Stored XSS
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example ...
CVE-2023-5209
CVE-2023-5209 affects WordPress Online Booking and Scheduling Plugin (Bookly) prior to 22.5. The vulnerability arises from insufficient sanitization/escaping of certain settings, allowing Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). ...