Hello.
1) Please note, in your summary is mentioned ” Bookly #1 WordPress Booking Plugin (Lite) ” ,
Its does not original “Booking Calendar” plugin. Its other not our product.
” Bookly #1 WordPress Booking Plugin (Lite) ” – https://ww.wp.xz.cn/plugins/bookly-responsive-appointment-booking-tool/
And the original our “Booking Calendar” plugin you can check here https://ww.wp.xz.cn/plugins/booking/
Additionly Booking Calendar plugin does not have version 13.2, which is mentioned in your description.
The latest version of Booking Calendar is 8.4.6
2) Probabaly there some mistake relative to the “term” of scanning plugins about the issues. So it’s automatcially show issue in Booking Calendar plugin an issue.
Booking Calendar have term “booking”
And the Bookly #1 WordPress Booking Plugin (Lite) ” is – “bookly-responsive-appointment-booking-tool”.
Kind Regards.
That’s weird. It shows your version, 8.4.6. It’s the only booking plugin we have. So why would it it be a different plugin?
Here’s the full text they provide:
Booking 8.4.6
Severity: Critical
Category: xss
Summary: Bookly #1 WordPress Booking Plugin (Lite) <= 13.2 – Unauthenticated Blind Stored XSS
Description: An unauthenticated user can inject arbitrary persistent javascript code in the admin panel.
Hello.
1) This info “Bookly #1 WordPress Booking Plugin (Lite) ” is about other booking plugin.
Can you contact support where from this info is coming ?
2) More here: https://www.gubello.me/blog/bookly-blind-stored-xss/
and here https://owlpower.eu/wp-services/wp-security/wp-plugin-vulnerabilities-feb-2018/
which is show interface and relative to the other plugin https://ww.wp.xz.cn/plugins/bookly-responsive-appointment-booking-tool/
Its does not “Booking Calendar” plugin.
Kind Regards.
