Vulnerabilities > Booking WP Plugin > Bookly > 10.10

DATE CVE VULNERABILITY TITLE RISK
2023-11-27 CVE-2023-5209 Cross-site Scripting vulnerability in Booking-Wp-Plugin Bookly
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
network
low complexity
booking-wp-plugin CWE-79
4.8
4.8
2023-10-16 CVE-2023-4691 Unspecified vulnerability in Booking-Wp-Plugin Bookly
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
network
low complexity
booking-wp-plugin
7.2
7.2
2023-06-02 CVE-2023-1159 Cross-site Scripting vulnerability in Booking-Wp-Plugin Bookly
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping.
network
low complexity
booking-wp-plugin CWE-79
4.8
4.8
2023-03-17 CVE-2023-1172 Unspecified vulnerability in Booking-Wp-Plugin Bookly
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping.
network
low complexity
booking-wp-plugin
6.1
6.1
2018-02-11 CVE-2018-6891 Cross-site Scripting vulnerability in Booking-Wp-Plugin Bookly
Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js.
network
low complexity
booking-wp-plugin CWE-79
6.1
6.1