{"vulnerability": "cve-2026-5513", "sightings": [{"uuid": "9d1f2bc6-ea69-45c5-abdf-af54d6b0a28b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5513", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mo6tilwrx22o", "content": "Visitors inject malicious scripts. Steal admin sessions. Compromise customer data. CVE-2026-5513 (CVSS 7.2) hits Bookly up to 27.2. No patch available. Disable it now. Scan your WordPress site: pulse-wp.com\n#WordPress #XSS #CyberSecurity", "creation_timestamp": "2026-06-13T18:01:43.229773Z"}, {"uuid": "08a4b99a-0bc7-4031-a927-401879c8f752", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5513", "type": "seen", "source": "https://bsky.app/profile/cybersecinsight.bsky.social/post/3moaop5bw442b", "content": "\ud83d\udd0d Vulnerability Spotlight | Part 2/3\n\n\u26a0\ufe0f CVE-2026-5513\n\nThe Online Scheduling and Appointment Booking System \u2013 Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-cus...", "creation_timestamp": "2026-06-14T11:39:38.968899Z"}, {"uuid": "2ca9a05a-8425-442b-88bc-4fa9a4e5e0b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5513", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116746932965862347", "content": "CVE-2026-5513: HIGH severity XSS in Bookly (<=27.2) via 'bookly-customer-full-name' cookie. Exploitable if 'Remember personal info in cookies' is enabled (disabled by default). No patch yet \u2014 disable vulnerable setting! https://radar.offseq.com/threat/cve-2026-5513-cwe-79-improper-neutralization-of-in-d213c0f7 #OffSeq #XSS #WordPress #Security", "creation_timestamp": "2026-06-14T06:01:57.464821Z"}, {"uuid": "562a2618-1485-46ae-aa7d-b9638ee27024", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5513", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3moa3qky2ho2l", "content": "Bookly plugin (<=27.2) hits HIGH XSS \u2014 unauthenticated attackers can inject scripts if 'Remember personal info in cookies' is ON. No fix yet: disable this setting to reduce risk. https://radar.offseq.com/threat/cve-2026-5513-cwe-79-improper-neutralization-of-in-d213c0f7 #OffSeq #WordPress #XSS", "creation_timestamp": "2026-06-14T06:02:36.156374Z"}]}