Vulnerability Details CVE-2023-5209
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.5%
CVSS Severity
CVSS v3 Score 4.8
References
Products affected by CVE-2023-5209
-
cpe:2.3:a:booking-wp-plugin:bookly:1.1.7
-
cpe:2.3:a:booking-wp-plugin:bookly:1.1.8
-
cpe:2.3:a:booking-wp-plugin:bookly:1.1.9
-
cpe:2.3:a:booking-wp-plugin:bookly:1.2.0
-
cpe:2.3:a:booking-wp-plugin:bookly:1.9
-
cpe:2.3:a:booking-wp-plugin:bookly:10.0
-
cpe:2.3:a:booking-wp-plugin:bookly:10.1
-
cpe:2.3:a:booking-wp-plugin:bookly:10.10
-
cpe:2.3:a:booking-wp-plugin:bookly:10.11
-
cpe:2.3:a:booking-wp-plugin:bookly:10.12
-
cpe:2.3:a:booking-wp-plugin:bookly:10.2
-
cpe:2.3:a:booking-wp-plugin:bookly:10.3
-
cpe:2.3:a:booking-wp-plugin:bookly:10.4
-
cpe:2.3:a:booking-wp-plugin:bookly:10.5
-
cpe:2.3:a:booking-wp-plugin:bookly:10.6
-
cpe:2.3:a:booking-wp-plugin:bookly:10.7
-
cpe:2.3:a:booking-wp-plugin:bookly:10.8
-
cpe:2.3:a:booking-wp-plugin:bookly:10.9
-
cpe:2.3:a:booking-wp-plugin:bookly:11.0
-
cpe:2.3:a:booking-wp-plugin:bookly:11.1
-
cpe:2.3:a:booking-wp-plugin:bookly:11.2
-
cpe:2.3:a:booking-wp-plugin:bookly:11.3
-
cpe:2.3:a:booking-wp-plugin:bookly:11.4
-
cpe:2.3:a:booking-wp-plugin:bookly:11.5
-
cpe:2.3:a:booking-wp-plugin:bookly:11.6
-
cpe:2.3:a:booking-wp-plugin:bookly:11.7
-
cpe:2.3:a:booking-wp-plugin:bookly:11.8
-
cpe:2.3:a:booking-wp-plugin:bookly:12.0
-
cpe:2.3:a:booking-wp-plugin:bookly:12.1
-
cpe:2.3:a:booking-wp-plugin:bookly:13.0
-
cpe:2.3:a:booking-wp-plugin:bookly:13.1
-
cpe:2.3:a:booking-wp-plugin:bookly:13.2
-
cpe:2.3:a:booking-wp-plugin:bookly:13.3
-
cpe:2.3:a:booking-wp-plugin:bookly:13.4
-
cpe:2.3:a:booking-wp-plugin:bookly:13.5
-
cpe:2.3:a:booking-wp-plugin:bookly:13.6
-
cpe:2.3:a:booking-wp-plugin:bookly:13.7
-
cpe:2.3:a:booking-wp-plugin:bookly:13.8
-
cpe:2.3:a:booking-wp-plugin:bookly:13.9
-
cpe:2.3:a:booking-wp-plugin:bookly:14.0
-
cpe:2.3:a:booking-wp-plugin:bookly:14.1
-
cpe:2.3:a:booking-wp-plugin:bookly:14.2
-
cpe:2.3:a:booking-wp-plugin:bookly:14.3
-
cpe:2.3:a:booking-wp-plugin:bookly:14.4
-
cpe:2.3:a:booking-wp-plugin:bookly:14.5
-
cpe:2.3:a:booking-wp-plugin:bookly:14.6
-
cpe:2.3:a:booking-wp-plugin:bookly:14.7
-
cpe:2.3:a:booking-wp-plugin:bookly:14.8
-
cpe:2.3:a:booking-wp-plugin:bookly:14.9
-
cpe:2.3:a:booking-wp-plugin:bookly:15.0
-
cpe:2.3:a:booking-wp-plugin:bookly:15.1
-
cpe:2.3:a:booking-wp-plugin:bookly:15.2
-
cpe:2.3:a:booking-wp-plugin:bookly:16.0
-
cpe:2.3:a:booking-wp-plugin:bookly:16.1
-
cpe:2.3:a:booking-wp-plugin:bookly:16.2
-
cpe:2.3:a:booking-wp-plugin:bookly:16.3
-
cpe:2.3:a:booking-wp-plugin:bookly:16.4
-
cpe:2.3:a:booking-wp-plugin:bookly:16.5
-
cpe:2.3:a:booking-wp-plugin:bookly:16.6
-
cpe:2.3:a:booking-wp-plugin:bookly:16.7
-
cpe:2.3:a:booking-wp-plugin:bookly:16.8
-
cpe:2.3:a:booking-wp-plugin:bookly:16.9
-
cpe:2.3:a:booking-wp-plugin:bookly:17.0
-
cpe:2.3:a:booking-wp-plugin:bookly:17.1
-
cpe:2.3:a:booking-wp-plugin:bookly:17.2
-
cpe:2.3:a:booking-wp-plugin:bookly:17.3
-
cpe:2.3:a:booking-wp-plugin:bookly:17.4
-
cpe:2.3:a:booking-wp-plugin:bookly:17.5
-
cpe:2.3:a:booking-wp-plugin:bookly:17.6
-
cpe:2.3:a:booking-wp-plugin:bookly:17.7
-
cpe:2.3:a:booking-wp-plugin:bookly:17.8
-
cpe:2.3:a:booking-wp-plugin:bookly:17.9
-
cpe:2.3:a:booking-wp-plugin:bookly:18.0
-
cpe:2.3:a:booking-wp-plugin:bookly:18.1
-
cpe:2.3:a:booking-wp-plugin:bookly:18.2
-
cpe:2.3:a:booking-wp-plugin:bookly:18.3
-
cpe:2.3:a:booking-wp-plugin:bookly:18.4
-
cpe:2.3:a:booking-wp-plugin:bookly:18.5
-
cpe:2.3:a:booking-wp-plugin:bookly:18.6
-
cpe:2.3:a:booking-wp-plugin:bookly:18.7
-
cpe:2.3:a:booking-wp-plugin:bookly:18.8
-
cpe:2.3:a:booking-wp-plugin:bookly:18.9
-
cpe:2.3:a:booking-wp-plugin:bookly:19.0
-
cpe:2.3:a:booking-wp-plugin:bookly:19.1
-
cpe:2.3:a:booking-wp-plugin:bookly:19.2
-
cpe:2.3:a:booking-wp-plugin:bookly:19.3
-
cpe:2.3:a:booking-wp-plugin:bookly:19.4
-
cpe:2.3:a:booking-wp-plugin:bookly:19.5
-
cpe:2.3:a:booking-wp-plugin:bookly:19.6
-
cpe:2.3:a:booking-wp-plugin:bookly:19.6.1
-
cpe:2.3:a:booking-wp-plugin:bookly:19.7
-
cpe:2.3:a:booking-wp-plugin:bookly:19.8
-
cpe:2.3:a:booking-wp-plugin:bookly:19.9
-
cpe:2.3:a:booking-wp-plugin:bookly:19.9.1
-
cpe:2.3:a:booking-wp-plugin:bookly:2.0
-
cpe:2.3:a:booking-wp-plugin:bookly:2.0.1
-
cpe:2.3:a:booking-wp-plugin:bookly:2.1.0
-
cpe:2.3:a:booking-wp-plugin:bookly:2.2.0
-
cpe:2.3:a:booking-wp-plugin:bookly:2.2.1
-
cpe:2.3:a:booking-wp-plugin:bookly:2.2.2
-
cpe:2.3:a:booking-wp-plugin:bookly:2.2.3
-
cpe:2.3:a:booking-wp-plugin:bookly:20.0
-
cpe:2.3:a:booking-wp-plugin:bookly:20.1
-
cpe:2.3:a:booking-wp-plugin:bookly:20.1.1
-
cpe:2.3:a:booking-wp-plugin:bookly:20.2
-
cpe:2.3:a:booking-wp-plugin:bookly:20.3
-
cpe:2.3:a:booking-wp-plugin:bookly:20.3.1
-
cpe:2.3:a:booking-wp-plugin:bookly:20.3.2
-
cpe:2.3:a:booking-wp-plugin:bookly:20.3.3
-
cpe:2.3:a:booking-wp-plugin:bookly:20.4
-
cpe:2.3:a:booking-wp-plugin:bookly:21.5
-
cpe:2.3:a:booking-wp-plugin:bookly:21.5.1
-
cpe:2.3:a:booking-wp-plugin:bookly:22.2
-
cpe:2.3:a:booking-wp-plugin:bookly:22.4
-
cpe:2.3:a:booking-wp-plugin:bookly:22.4.1
-
cpe:2.3:a:booking-wp-plugin:bookly:22.5
-
cpe:2.3:a:booking-wp-plugin:bookly:3.0
-
cpe:2.3:a:booking-wp-plugin:bookly:3.0.1
-
cpe:2.3:a:booking-wp-plugin:bookly:3.1
-
cpe:2.3:a:booking-wp-plugin:bookly:3.2.1
-
cpe:2.3:a:booking-wp-plugin:bookly:3.2.2
-
cpe:2.3:a:booking-wp-plugin:bookly:3.3
-
cpe:2.3:a:booking-wp-plugin:bookly:3.4.
-
cpe:2.3:a:booking-wp-plugin:bookly:3.4.1
-
cpe:2.3:a:booking-wp-plugin:bookly:3.4.2
-
cpe:2.3:a:booking-wp-plugin:bookly:4.0
-
cpe:2.3:a:booking-wp-plugin:bookly:4.1
-
cpe:2.3:a:booking-wp-plugin:bookly:4.2
-
cpe:2.3:a:booking-wp-plugin:bookly:4.3
-
cpe:2.3:a:booking-wp-plugin:bookly:4.4
-
cpe:2.3:a:booking-wp-plugin:bookly:4.5
-
cpe:2.3:a:booking-wp-plugin:bookly:4.5.1
-
cpe:2.3:a:booking-wp-plugin:bookly:4.6
-
cpe:2.3:a:booking-wp-plugin:bookly:5.0
-
cpe:2.3:a:booking-wp-plugin:bookly:5.1
-
cpe:2.3:a:booking-wp-plugin:bookly:5.2
-
cpe:2.3:a:booking-wp-plugin:bookly:5.2.1
-
cpe:2.3:a:booking-wp-plugin:bookly:5.2.2
-
cpe:2.3:a:booking-wp-plugin:bookly:5.2.3
-
cpe:2.3:a:booking-wp-plugin:bookly:6.0
-
cpe:2.3:a:booking-wp-plugin:bookly:6.1
-
cpe:2.3:a:booking-wp-plugin:bookly:6.2
-
cpe:2.3:a:booking-wp-plugin:bookly:6.3
-
cpe:2.3:a:booking-wp-plugin:bookly:7.0
-
cpe:2.3:a:booking-wp-plugin:bookly:7.0.1
-
cpe:2.3:a:booking-wp-plugin:bookly:7.1
-
cpe:2.3:a:booking-wp-plugin:bookly:7.2
-
cpe:2.3:a:booking-wp-plugin:bookly:7.3
-
cpe:2.3:a:booking-wp-plugin:bookly:7.3.1
-
cpe:2.3:a:booking-wp-plugin:bookly:7.4
-
cpe:2.3:a:booking-wp-plugin:bookly:7.5
-
cpe:2.3:a:booking-wp-plugin:bookly:7.6
-
cpe:2.3:a:booking-wp-plugin:bookly:7.6.1
-
cpe:2.3:a:booking-wp-plugin:bookly:7.7
-
cpe:2.3:a:booking-wp-plugin:bookly:7.7.1
-
cpe:2.3:a:booking-wp-plugin:bookly:7.7.2
-
cpe:2.3:a:booking-wp-plugin:bookly:7.7.3
-
cpe:2.3:a:booking-wp-plugin:bookly:7.7.4
-
cpe:2.3:a:booking-wp-plugin:bookly:7.8
-
cpe:2.3:a:booking-wp-plugin:bookly:7.8.1
-
cpe:2.3:a:booking-wp-plugin:bookly:7.8.2
-
cpe:2.3:a:booking-wp-plugin:bookly:7.8.3
-
cpe:2.3:a:booking-wp-plugin:bookly:7.9
-
cpe:2.3:a:booking-wp-plugin:bookly:7.9.1
-
cpe:2.3:a:booking-wp-plugin:bookly:8.0
-
cpe:2.3:a:booking-wp-plugin:bookly:8.1
-
cpe:2.3:a:booking-wp-plugin:bookly:8.2
-
cpe:2.3:a:booking-wp-plugin:bookly:8.3
-
cpe:2.3:a:booking-wp-plugin:bookly:8.4.
-
cpe:2.3:a:booking-wp-plugin:bookly:8.5
-
cpe:2.3:a:booking-wp-plugin:bookly:8.5.1
-
cpe:2.3:a:booking-wp-plugin:bookly:8.5.2
-
cpe:2.3:a:booking-wp-plugin:bookly:9.0
-
cpe:2.3:a:booking-wp-plugin:bookly:9.1
-
cpe:2.3:a:booking-wp-plugin:bookly:9.1.1
-
cpe:2.3:a:booking-wp-plugin:bookly:9.2
-
cpe:2.3:a:booking-wp-plugin:bookly:9.3
-
cpe:2.3:a:booking-wp-plugin:bookly:9.4