CVE-2021-24930

CVE-2021-24930: Bookly < 20.3.1 - Staff Member Stored Cross-Site Scripting

Vendor Unknown
Product WordPress Online Booking and Scheduling Plugin – Bookly
Weakness CWE-79 · XSS
Published December 6, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue

Key dates

02Disclosure timeline

December 6, 2021 CVE published
August 3, 2024 Record updated