• Resolved macsavers

    (@macsavers)


    I keep getting a critical issue with your plugin, despite the updates. It keeps saying that an unauthenticated user can inject arbitrary persistent javascript code in the admin panel due to the XSS portion of your plugin.

    Here’s the Summary: Bookly #1 WordPress Booking Plugin (Lite) <= 13.2 – Unauthenticated Blind Stored XSS

    I’d love to see this resolved. My boss is very nervous because of this.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author wpdevelop

    (@wpdevelop)

    Hello.

    1) Please note that your summary mentions “Bookly #1 WordPress Booking Plugin (Lite)”.

    It is not the original “Booking Calendar” plugin. It is another product, not ours.

    “Bookly #1 WordPress Booking Plugin (Lite)” – https://www.ads-software.com/plugins/bookly-responsive-appointment-booking-tool/

    And you can check our original “Booking Calendar” plugin here https://www.ads-software.com/plugins/booking/

    Additionally, the Booking Calendar plugin does not have a version 13.2, which is mentioned in your description.

    The latest version of Booking Calendar is 8.4.6

    2) Probably there is some mistake relating to the “term” used when scanning plugins for issues, so it automatically shows the issue as an issue in the Booking Calendar plugin.

    Booking Calendar has the term “booking”.

    And the “Bookly #1 WordPress Booking Plugin (Lite)” is “bookly-responsive-appointment-booking-tool”.

    Kind Regards.

    Thread Starter macsavers

    (@macsavers)

    That’s weird. It shows your version, 8.4.6. It’s the only booking plugin we have. So why would it be a different plugin?

    Here’s the full text they provide:

    Booking 8.4.6
    Severity: Critical

    Category: xss

    Summary: Bookly #1 WordPress Booking Plugin (Lite) <= 13.2 – Unauthenticated Blind Stored XSS

    Description: An unauthenticated user can inject arbitrary persistent javascript code in the admin panel.

    Plugin Author wpdevelop

    (@wpdevelop)

    Hello.
    1) This info, “Bookly #1 WordPress Booking Plugin (Lite)”, is about another booking plugin.

    Can you contact the support that this info is coming from?

    2) More here: https://www.gubello.me/blog/bookly-blind-stored-xss/

    and here https://owlpower.eu/wp-services/wp-security/wp-plugin-vulnerabilities-feb-2018/

    which show the interface and relate to the other plugin https://www.ads-software.com/plugins/bookly-responsive-appointment-booking-tool/

    It is not the “Booking Calendar” plugin.

    Kind Regards.
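
The mix-up the plugin author describes, as an added example that is not part of the thread and not SiteLock's code: a hypothetical loose matcher that keys on a word in the advisory title flags Booking Calendar, while an exact slug match does not. The record layout and function names are assumptions; the slugs and versions are the ones quoted in the thread.

```python
import re

# Constructed records using the plugin names, slugs and versions quoted in the thread.
INSTALLED = {"slug": "booking", "name": "Booking Calendar", "version": "8.4.6"}
ADVISORY = {
    "slug": "bookly-responsive-appointment-booking-tool",
    "title": "Bookly #1 WordPress Booking Plugin (Lite) <= 13.2 - "
             "Unauthenticated Blind Stored XSS",
    "max_affected": "13.2",
}


def version_tuple(version):
    """Turn '8.4.6' into (8, 4, 6) so versions compare numerically."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def version_affected(installed, max_affected):
    """True if installed <= max_affected, padding the shorter version with zeros."""
    a, b = version_tuple(installed), version_tuple(max_affected)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a <= b


def keyword_match(plugin, advisory):
    """Hypothetical loose matcher: the installed slug appears as a word in the title."""
    words = re.findall(r"[a-z0-9]+", advisory["title"].lower())
    return (plugin["slug"] in words
            and version_affected(plugin["version"], advisory["max_affected"]))


def slug_match(plugin, advisory):
    """Strict matcher: the plugin directory slug must be identical."""
    return (plugin["slug"] == advisory["slug"]
            and version_affected(plugin["version"], advisory["max_affected"]))


if __name__ == "__main__":
    # The version test alone cannot rule the finding out: 8.4.6 <= 13.2 numerically.
    print("version in range:", version_affected("8.4.6", "13.2"))
    print("keyword match   :", keyword_match(INSTALLED, ADVISORY))
    print("exact slug match:", slug_match(INSTALLED, ADVISORY))
```

When triaging a report like the one quoted here, compare the slug in the advisory with the installed plugin's directory name before treating the finding as real.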

  • The topic ‘Sitelock Issues’ is closed to new replies.