VYPR

Bookly

by Bookly

CVEs (5)

  • CVE-2023-26526 | High | May 17, 2024
    risk 0.50 | cvss 7.7 | epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls. This issue affects Bookly: from n/a through 21.7.1.

  • CVE-2023-1172 | High | Mar 17, 2023
    risk 0.47 | cvss 7.2 | epss 0.00

    The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web…

  • CVE-2026-32540 | High | Mar 25, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bookly Bookly bookly-responsive-appointment-booking-tool allows Reflected XSS. This issue affects Bookly: from n/a through <= 26.7.

  • CVE-2024-5584 | Medium | Jun 11, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2023-1159 | Medium | Jun 2, 2023
    risk 0.26 | cvss 4.0 | epss 0.00

    The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to…