WordPress Bookly Lite 13.2 Cross Site Scripting

In January I found a stored XSS in Bookly WP Plugin (10,000+ downloads for
Lite version on official WordPress plugin site and 18,000+ for Pro version
on CodeCanyon).

Link of Bookly stored XSS proof-of-concept:
https://www.gubello.me/blog/bookly-blind-stored-xss/

During the booking phase, an unauthenticated user can inject arbitrary
code into the *Name* field of the plugin. The code will run in the admin
panel when an administrator checks the payments on the page
*bookly-payments*.
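
The flaw described above is a stored value from the public booking form reaching an admin page without output encoding. The plain PHP below is an added example, not Bookly's code: it contrasts an unescaped payments row with an escaped one and adds input-side cleaning of the name. The function names, record layout and sample record are hypothetical.

```php
<?php
// Added example, not Bookly's code: function names and record layout are hypothetical.

// Input side: normalise the name submitted through the public booking form.
// This limits what gets stored; it does not replace escaping on output.
function clean_customer_name(string $raw): string {
    $name = strip_tags($raw);                                      // drop markup
    $name = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $name) ?? '';  // control characters
    $name = trim(preg_replace('/\s+/', ' ', $name) ?? '');         // collapse whitespace
    return mb_substr($name, 0, 100, 'UTF-8');                      // cap the length
}

// Output side, flawed: the stored value is concatenated into the admin page as HTML.
function render_payment_row_unescaped(array $payment): string {
    return '<tr><td>' . $payment['customer'] . '</td><td>' . $payment['total'] . '</td></tr>';
}

// Output side, corrected: every stored value is HTML-encoded where it is printed.
// In a WordPress plugin, esc_html() plays the role htmlspecialchars() plays here.
function render_payment_row(array $payment): string {
    $esc = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . $esc($payment['customer']) . '</td><td>' . $esc($payment['total']) . '</td></tr>';
}

// Constructed record standing in for a booking whose Name field carried markup.
$stored = ['customer' => 'Ann <script>/* constructed marker */</script>', 'total' => '25.00'];

echo "unescaped: ", render_payment_row_unescaped($stored), PHP_EOL;
echo "escaped:   ", render_payment_row($stored), PHP_EOL;
echo "cleaned:   ", clean_customer_name($stored['customer']), PHP_EOL;
```

Escaping at the point of output is the control that matters for records already in the database; the input cleaning only reduces what new bookings can store.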

Copyright © 2016 Twitter/shreateh