WordPress Plugin Vulnerabilities
Bookly < 20.3.1 - Staff Member Stored Cross-Site Scripting
Description
The plugin does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue
Proof of Concept
As a Staff Member, put the following payload in your Full Name (Booklyn --> Profile --> Edit --> Full Name): <script>alert(/XSS/)</script> The XSS will be triggered when an admin open the Staff members order page (Booklyn --> Staff Members --> Staff member order)
Affects Plugins
Fixed in version 20.3.1
References
Classification
Miscellaneous
Original Researcher
Mesut Cetin
Submitter
Mesut Cetin
Verified
Yes
Timeline
Publicly Published
2021-11-08 (about 9 months ago)
Added
2021-11-08 (about 9 months ago)
Last Updated
2022-04-12 (about 4 months ago)