Browse all 4 CVE security advisories affecting ladela. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ladela primarily provides enterprise resource planning (ERP) solutions for mid-sized businesses, focusing on supply chain and inventory management systems. Historically, ladela's products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. The vendor has addressed multiple critical flaws in its web interfaces and database components, with four CVEs documented to date. While no major public security incidents have been reported, ladela's track record indicates a pattern of vulnerabilities in authentication mechanisms and API endpoints, necessitating regular security assessments and prompt patch management by organizations implementing their solutions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2519 | Online Scheduling and Appointment Booking System – Bookly <= 27.0 - Unauthenticated Price Manipulation via 'tips' — Online Scheduling and Appointment Booking System – Bookly (CWE-472) | 5.3 | Medium | 2026-04-09 |
| CVE-2024-5584 | WordPress Online Booking and Scheduling Plugin – Bookly <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter — Online Scheduling and Appointment Booking System – Bookly (CWE-79) | 6.4 | Medium | 2024-06-11 |
| CVE-2023-1159 | WordPress plugin Bookly cross-site scripting vulnerability — WordPress Online Booking and Scheduling Plugin – Bookly | 4.0 | Medium | 2023-06-02 |
| CVE-2023-1172 | WordPress Plugin Bookly cross-site scripting vulnerability — WordPress Online Booking and Scheduling Plugin – Bookly | 7.2 | High | 2023-03-17 |
This page lists every published CVE security advisory associated with ladela. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.