Online Scheduling And Appointment Booking System Bookly

1 CVE

Monthly

CVE-2026-2519 MEDIUM PATCH This Month

Price manipulation in Bookly WordPress plugin (versions up to 27.0) allows unauthenticated attackers to reduce appointment booking costs to zero by submitting negative values to the 'tips' parameter, exploiting insufficient server-side validation of user-supplied pricing input. No public exploit code or active exploitation has been confirmed, but the vulnerability carries moderate risk due to its ease of exploitation and direct financial impact on e-commerce transactions.

Tags: WordPress, PHP, Authentication Bypass, Online Scheduling And Appointment Booking System Bookly
Sources: NVD, GitHub, VulDB
CVSS 3.1: 5.3
EPSS: 0.0%
