{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2519", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-15T06:39:59.038Z", "datePublished": "2026-04-09T12:28:06.471Z", "dateUpdated": "2026-04-09T12:28:06.471Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-09T12:28:06.471Z"}, "affected": [{"vendor": "ladela", "product": "Online Scheduling and Appointment Booking System \u2013 Bookly", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "27.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Online Scheduling and Appointment Booking System \u2013 Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configured price. This makes it possible for unauthenticated attackers to submit a negative number to the 'tips' parameter, causing the total price to be reduced to zero."}], "title": "Online Scheduling and Appointment Booking System \u2013 Bookly <= 27.0 - Unauthenticated Price Manipulation via 'tips'", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ead87d8b-2659-4e8b-a0b9-138b1db89e36?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/bookly-responsive-appointment-booking-tool/trunk/lib/UserBookingData.php#L355"}, {"url": "https://plugins.trac.wordpress.org/browser/bookly-responsive-appointment-booking-tool/trunk/frontend/modules/booking/Ajax.php#L709"}, {"url": "https://plugins.trac.wordpress.org/browser/bookly-responsive-appointment-booking-tool/trunk/lib/CartInfo.php#L450"}, {"url": "https://plugins.trac.wordpress.org/changeset/3480956/"}, {"url": "https://www.booking-wp-plugin.com/change-log/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-472 External Control of Assumed-Immutable Web Parameter", "cweId": "CWE-472", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Youssef Elouaer"}], "timeline": [{"time": "2026-03-31T11:25:57.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-04-08T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Online Scheduling and Appointment Booking System \u2013 Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configured price. This makes it possible for unauthenticated attackers to submit a negative number to the 'tips' parameter, causing the total price to be reduced to zero."}], "id": "CVE-2026-2519", "lastModified": "2026-04-09T13:16:42.843", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2026-04-09T13:16:42.843", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/bookly-responsive-appointment-booking-tool/trunk/frontend/modules/booking/Ajax.php#L709"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/bookly-responsive-appointment-booking-tool/trunk/lib/CartInfo.php#L450"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/bookly-responsive-appointment-booking-tool/trunk/lib/UserBookingData.php#L355"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3480956/"}, {"source": "security@wordfence.com", "url": "https://www.booking-wp-plugin.com/change-log/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ead87d8b-2659-4e8b-a0b9-138b1db89e36?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-472"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{}