cleantalk
Vulnerabilities and Security Researches

WordPress Online Booking and Scheduling Plugin – Bookly, CVE-2018-6891

CVE, Research URL

CVE-2018-6891

Home page URL

Security reports for WordPress Online Booking and Scheduling Plugin – Bookly

Application

WordPress Online Booking and Scheduling Plugin – Bookly

Published on
Feb 11, 2018
Research Description
Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js.
Affected versions
max 14.6.
Status
vulnerable
Previous vulnerability researches
WordPress Online Booking and Scheduling Plugin – Bookly (CVE-2026-42667) , May 22, 2026
WordPress Online Booking and Scheduling Plugin – Bookly (CVE-2023-5209) , Jun 06, 2024
WordPress Online Booking and Scheduling Plugin – Bookly (CVE-2021-24930) , Jun 06, 2024
WordPress Online Booking and Scheduling Plugin – Bookly (CVE-2023-26526) , Jun 06, 2024
WordPress Online Booking and Scheduling Plugin – Bookly (CVE-2023-1159) , Jun 06, 2024
New vulnerability
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-15369) , May 22, 2026
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2026-42676) , May 22, 2026
Stripe Payment Plugin for WooCommerce (CVE-2026-45217) , May 22, 2026
YITH WooCommerce Product Add-Ons (CVE-2026-42383) , May 22, 2026
Quick Table (CVE-2026-6237) , May 22, 2026