CVE-2018-6891

CVE-2018-6891

EPSS 1.0%

Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wordpress.org/plugins/bookly-responsive-appointment-booking-tool/#developers https://www.gubello.me/blog/bookly-blind-stored-xss/