Stored Cross-Site Scripting in Bookly Plugin for WordPress
CVE-2023-1159
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 2 June 2023
What is CVE-2023-1159?
The Bookly plugin for WordPress has a vulnerability that allows authenticated users with administrative privileges to execute arbitrary web scripts through service titles. This issue arises from inadequate input sanitization and output escaping, specifically impacting multi-site setups and installations where unfiltered HTML has been disabled. When exploited, this vulnerability enables attackers to inject malicious scripts into pages, executing them when users access these compromised pages.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
WordPress Online Booking and Scheduling Plugin β Bookly 21.7
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved