Title: Sitelock Issues Last modified: March 6, 2019 --- # Sitelock Issues * Resolved [macsavers](https://wordpress.org/support/users/macsavers/) * (@macsavers) * [7 years, 3 months ago](https://wordpress.org/support/topic/sitelock-issues/) * I keep getting a critical issue with your plugin, despite the updates. It keeps saying that an unauthenticated user can inject arbitrary persistent javascript code in the admin panel due to the XSS portion of your plugin. * Here’s the Summary: Bookly #1 WordPress Booking Plugin (Lite) <= 13.2 – Unauthenticated Blind Stored XSS * I’d love to see this resolved. My boss is very nervous because of this. Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [wpdevelop](https://wordpress.org/support/users/wpdevelop/) * (@wpdevelop) * [7 years, 3 months ago](https://wordpress.org/support/topic/sitelock-issues/#post-11281587) * Hello. * 1) Please note, in your summary is mentioned ” Bookly #1 WordPress Booking Plugin( Lite) ” , * Its does not original “Booking Calendar” plugin. Its other not our product. * ” Bookly #1 WordPress Booking Plugin (Lite) ” – [https://wordpress.org/plugins/bookly-responsive-appointment-booking-tool/](https://wordpress.org/plugins/bookly-responsive-appointment-booking-tool/) * And the original our “Booking Calendar” plugin you can check here [https://wordpress.org/plugins/booking/](https://wordpress.org/plugins/booking/) * Additionly Booking Calendar plugin does not have version 13.2, which is mentioned in your description. * The latest version of Booking Calendar is 8.4.6 * 2) Probabaly there some mistake relative to the “term” of scanning plugins about the issues. So it’s automatcially show issue in Booking Calendar plugin an issue. * Booking Calendar have term “booking” * And the Bookly #1 WordPress Booking Plugin (Lite) ” is – “bookly-responsive-appointment- booking-tool”. * Kind Regards. * Thread Starter [macsavers](https://wordpress.org/support/users/macsavers/) * (@macsavers) * [7 years, 3 months ago](https://wordpress.org/support/topic/sitelock-issues/#post-11281696) * That’s weird. It shows your version, 8.4.6. It’s the only booking plugin we have. So why would it it be a different plugin? * Here’s the full text they provide: * Booking 8.4.6 Severity: Critical * Category: xss * Summary: Bookly #1 WordPress Booking Plugin (Lite) <= 13.2 – Unauthenticated Blind Stored XSS * Description: An unauthenticated user can inject arbitrary persistent javascript code in the admin panel. * Plugin Author [wpdevelop](https://wordpress.org/support/users/wpdevelop/) * (@wpdevelop) * [7 years, 3 months ago](https://wordpress.org/support/topic/sitelock-issues/#post-11281710) * Hello. 1) This info “Bookly #1 WordPress Booking Plugin (Lite) ” is about other booking plugin. * Can you contact support where from this info is coming ? * 2) More here: [https://www.gubello.me/blog/bookly-blind-stored-xss/](https://www.gubello.me/blog/bookly-blind-stored-xss/) * and here [https://owlpower.eu/wp-services/wp-security/wp-plugin-vulnerabilities-feb-2018/](https://owlpower.eu/wp-services/wp-security/wp-plugin-vulnerabilities-feb-2018/) * which is show interface and relative to the other plugin [https://wordpress.org/plugins/bookly-responsive-appointment-booking-tool/](https://wordpress.org/plugins/bookly-responsive-appointment-booking-tool/) * Its does not “Booking Calendar” plugin. * Kind Regards. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Sitelock Issues’ is closed to new replies. * ![](https://ps.w.org/booking/assets/icon-256x256.gif?rev=3335907) * [Booking Calendar](https://wordpress.org/plugins/booking/) * [Frequently Asked Questions](https://wordpress.org/plugins/booking/#faq) * [Support Threads](https://wordpress.org/support/plugin/booking/) * [Active Topics](https://wordpress.org/support/plugin/booking/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/booking/unresolved/) * [Reviews](https://wordpress.org/support/plugin/booking/reviews/) * 3 replies * 2 participants * Last reply from: [wpdevelop](https://wordpress.org/support/users/wpdevelop/) * Last activity: [7 years, 3 months ago](https://wordpress.org/support/topic/sitelock-issues/#post-11281710) * Status: resolved