Online Scheduling And Appointment Booking System – Bookly CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Ladela Subscriptions

Filtered by product Online Scheduling And Appointment Booking System – Bookly Subscriptions

Search

Switch to Advanced Search (Beta)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-2519	2 Ladela, Wordpress	2 Online Scheduling And Appointment Booking System – Bookly, Wordpress	2026-04-10	5.3 Medium
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configured price. This makes it possible for unauthenticated attackers to submit a negative number to the 'tips' parameter, causing the total price to be reduced to zero.

Page 1 of 1.