Booking-wp-plugin Bookly — known CVE vulnerabilities
Every CVE whose affected-product data names Booking-wp-plugin Bookly, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-1172 — CVSS 7.2 (high): The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5…
CVE-2023-4691 — CVSS 7.2 (high): The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before…
CVE-2018-6891 — CVSS 6.1 (medium): Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js.
CVE-2021-24930 — CVSS 5.4 (medium): The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before…
CVE-2023-5209 — CVSS 4.8 (medium): The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which…
CVE-2023-1159 — CVSS 4.0 (medium): The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due…