Lucene search
K

182 matches found

Cvelist
Cvelist
added last week33 views

CVE-2026-12378 BookingPress <= 1.1.28 - Unauthenticated PHP Object Injection

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this c...

0.00389EPSS
Exploits0References1
CVE
CVE
added last week9 views

CVE-2026-12378

The CVE-2026-12378 entry concerns the WordPress plugins BookingPress/Appointment Booking Calendar (up to version 1.1.28). The vulnerability arises from unsafely passing input to a PHP deserialization function, enabling unauthenticated attackers to inject arbitrary PHP objects with a suitable gadg...

8.1CVSS6.2AI score0.00389EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/01 9:53 a.m.7 views

WordPress BookingPress Appointment Booking Pro plugin <= 5.7.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin BookingPress Appointment Booking Pro versions = 5.7.1...

7.5CVSS5.8AI score0.00285EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/01 7:16 a.m.12 views

CVE-2026-11823

The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'storeservicedate' parameter of the bpaassignstaffmembertoslots function in versions up to and including 5.7.1. This is due to the explicit use of stripslashesdeep on user-supplied POST data befor...

7.5CVSS0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 5:35 a.m.40 views

CVE-2026-11823 BookingPress Appointment Booking Pro <= 5.7.1 - Unauthenticated SQL Injection via 'store_service_date' Parameter

The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'storeservicedate' parameter of the bpaassignstaffmembertoslots function in versions up to and including 5.7.1. This is due to the explicit use of stripslashesdeep on user-supplied POST data befor...

7.5CVSS0.00285EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 5:35 a.m.22 views

CVE-2026-11823

The CVE-2026-11823 entry concerns the BookingPress Appointment Booking Pro plugin for WordPress, affected up to version 5.7.1. The vulnerability is a SQL Injection via the store_service_date parameter of the bpa_assign_staffmember_to_slots() function. Root cause: user-supplied POST data is passed...

7.5CVSS5.9AI score0.00285EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-6960

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS6.4AI score0.00672EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/05/23 4:22 a.m.118 views

Exploit for CVE-2026-6960

CVE-2026-6960 — BookingPress Pro ≤ 5.6 | Unauthenticated Arbit...

9.8CVSS6.1AI score0.00672EPSS
Exploits1
Patchstack
Patchstack
added 2026/05/22 6:47 a.m.14 views

WordPress BookingPress Appointment Booking Pro plugin <= 5.6 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by h0xilo in WordPress Plugin BookingPress Appointment Booking Pro versions = 5.6...

9.8CVSS5.8AI score0.00672EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/05/22 12:31 a.m.15 views

EUVD-2026-31367

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS6.5AI score0.00672EPSS
Exploits1References3
NVD
NVD
added 2026/05/21 10:16 p.m.14 views

CVE-2026-6960

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS0.00672EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:27 p.m.20 views

CVE-2026-6960

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS6.5AI score0.00672EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/21 9:27 p.m.35 views

CVE-2026-6960 BookingPress Pro <= 5.6 - Unauthenticated Arbitrary File Upload via Signature Custom Field

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS0.00672EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/21 9:27 p.m.10 views

CVE-2026-6960 BookingPress Pro <= 5.6 - Unauthenticated Arbitrary File Upload via Signature Custom Field

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS6.5AI score0.00672EPSS
Exploits1References2
CVE
CVE
added 2026/05/21 9:27 p.m.25 views

CVE-2026-6960

BookingPress Pro (WordPress) is affected by CVE-2026-6960 due to missing file type validation in the function bookingpress_validate_submitted_booking_form_func, affecting all versions up to and including 5.6. The vulnerability enables arbitrary file uploads on the affected site’s server and could...

9.8CVSS6.5AI score0.00672EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

WordPress plugin BookingPress Pro 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS6AI score0.00672EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42552

Name of the Vulnerable Software and Affected Versions BookingPress Pro versions prior to 5.7 Description The BookingPress Pro plugin for WordPress allows unauthenticated attackers to upload arbitrary files to the server, which may lead to remote code execution. This occurs due to missing file typ...

9.8CVSS6.2AI score0.00672EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.13 views

CVE-2022-0739

The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection...

9.8CVSS7.3AI score0.37171EPSS
Exploits11References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.11 views

CVE-2023-50841

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin...

8.8CVSS8.8AI score0.00537EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-35065

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00368EPSS
Exploits0References1
Rows per page
Query Builder