Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in WordPress Online Booking and Scheduling Plugin – Bookly 22.3.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: September 25, 2023

The Bookly plugin for WordPress, up to version 22.3.1, is vulnerable to a type of attack called SQL Injection. This type of attack happens when an attacker with administrator privileges is able to add additional commands to existing database queries. These added commands can be used to access sensitive information from the database. To reduce the risk of this type of attack, it’s important to use proper escaping on user supplied parameters and to prepare existing SQL queries.

Detected in:

Online Scheduling and Appointment Booking System – Bookly fixed vulnerable versions:
WordPress Online Booking and Scheduling Plugin – Bookly fixed vulnerable versions: >= * <= 22.3.1

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.