WordPress Bookly Lite 13.2 Cross Site Scripting

WordPress Bookly Lite 13.2 Cross Site Scripting: Posted Feb 10, 2018; Authored by Luigi Gubello; WordPress Bookly Lite plugin version 13.2 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2018-6891; SHA-256 | 1e099cc6690be2bd8587eb15b9d5614597c0c1247f792e3a27b45507ad09905a; Download | Favorite | View

WordPress Bookly Lite 13.2 Cross Site Scripting

In January I found a stored XSS in Bookly WP Plugin (10,000+ download for
Lite version on official WordPress plugin site and 18,000+ for Pro version
on CodeCanyon).

Link of Bookly stored XSS proof-of-concept:
https://www.gubello.me/blog/bookly-blind-stored-xss/

During the booking phase, an unauthenticated user can inject arbitrary
code into the *Name* field of the plugin. The code will run in the admin
panel when an administrator checks the payments on the page
*bookly-payments*."

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 172 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

WordPress Bookly Lite 13.2 Cross Site Scripting

WordPress Bookly Lite 13.2 Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WordPress Bookly Lite 13.2 Cross Site Scripting

Share This

WordPress Bookly Lite 13.2 Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems