CVE-2024-5584

Name of the Vulnerable Software and Affected Versions Bookly plugin for WordPress versions up to and including 23.2

Description The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with staff member role and Subscriber-level access or higher to inject arbitrary web scripts via the Color Profile parameter. This enables the execution of injected scripts whenever a user accesses the compromised page.

Recommendations For Bookly plugin for WordPress versions up to and including 23.2, update to a version later than 23.2 to resolve the issue. As a temporary workaround, consider restricting access to the Color Profile parameter to minimize the risk of exploitation.