cleantalk
Vulnerabilities and Security Researches

WordPress Online Booking and Scheduling Plugin – Bookly, CVE-2023-26526

CVE, Research URL

CVE-2023-26526

Home page URL

Security reports for WordPress Online Booking and Scheduling Plugin – Bookly

Application

WordPress Online Booking and Scheduling Plugin – Bookly

Published on
May 17, 2024
Research Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1.
Affected versions
max 21.8.
Status
vulnerable
Previous vulnerability researches
WordPress Online Booking and Scheduling Plugin – Bookly (CVE-2026-42667) , May 22, 2026
WordPress Online Booking and Scheduling Plugin – Bookly (CVE-2023-5209) , Jun 06, 2024
WordPress Online Booking and Scheduling Plugin – Bookly (CVE-2021-24930) , Jun 06, 2024
WordPress Online Booking and Scheduling Plugin – Bookly (CVE-2023-26526) , Jun 06, 2024
WordPress Online Booking and Scheduling Plugin – Bookly (CVE-2023-1159) , Jun 06, 2024
New vulnerability
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-15369) , May 22, 2026
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2026-42676) , May 22, 2026
Stripe Payment Plugin for WooCommerce (CVE-2026-45217) , May 22, 2026
YITH WooCommerce Product Add-Ons (CVE-2026-42383) , May 22, 2026
Quick Table (CVE-2026-6237) , May 22, 2026