CVE-2026-2519 in Bookly Plugin情報

要約

〜によって MITRE • 2026年04月09日

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configured price. This makes it possible for unauthenticated attackers to submit a negative number to the 'tips' parameter, causing the total price to be reduced to zero.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

Wordfence

予約する

2026年02月15日

公開

2026年04月09日

モデレーション

承諾済み

エントリ

VDB-356555

CPE

準備完了

CWE

CWE-472 (確認済み)

CVSS

5.3 (CNA)

EPSS

0.00024

KEV

いいえ

アクティビティ

非常低い

セクター

Hostingprovider

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-2519
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-2519
CVE Details	https://www.cvedetails.com/cve/CVE-2026-2519/

◂ 前概要次 ▸

Want to know what is going to be exploited?

We predict KEV entries!