182 matches found
CVE-2026-12378 BookingPress <= 1.1.28 - Unauthenticated PHP Object Injection
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this c...
CVE-2026-12378
The CVE-2026-12378 entry concerns the WordPress plugins BookingPress/Appointment Booking Calendar (up to version 1.1.28). The vulnerability arises from unsafely passing input to a PHP deserialization function, enabling unauthenticated attackers to inject arbitrary PHP objects with a suitable gadg...
WordPress BookingPress Appointment Booking Pro plugin <= 5.7.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin BookingPress Appointment Booking Pro versions = 5.7.1...
CVE-2026-11823
The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'storeservicedate' parameter of the bpaassignstaffmembertoslots function in versions up to and including 5.7.1. This is due to the explicit use of stripslashesdeep on user-supplied POST data befor...
CVE-2026-11823 BookingPress Appointment Booking Pro <= 5.7.1 - Unauthenticated SQL Injection via 'store_service_date' Parameter
The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'storeservicedate' parameter of the bpaassignstaffmembertoslots function in versions up to and including 5.7.1. This is due to the explicit use of stripslashesdeep on user-supplied POST data befor...
CVE-2026-11823
The CVE-2026-11823 entry concerns the BookingPress Appointment Booking Pro plugin for WordPress, affected up to version 5.7.1. The vulnerability is a SQL Injection via the store_service_date parameter of the bpa_assign_staffmember_to_slots() function. Root cause: user-supplied POST data is passed...
CVE-2026-6960
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...
Exploit for CVE-2026-6960
CVE-2026-6960 — BookingPress Pro ≤ 5.6 | Unauthenticated Arbit...
WordPress BookingPress Appointment Booking Pro plugin <= 5.6 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by h0xilo in WordPress Plugin BookingPress Appointment Booking Pro versions = 5.6...
EUVD-2026-31367
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2026-6960
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2026-6960
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2026-6960 BookingPress Pro <= 5.6 - Unauthenticated Arbitrary File Upload via Signature Custom Field
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2026-6960 BookingPress Pro <= 5.6 - Unauthenticated Arbitrary File Upload via Signature Custom Field
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2026-6960
BookingPress Pro (WordPress) is affected by CVE-2026-6960 due to missing file type validation in the function bookingpress_validate_submitted_booking_form_func, affecting all versions up to and including 5.6. The vulnerability enables arbitrary file uploads on the affected site’s server and could...
WordPress plugin BookingPress Pro 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-42552
Name of the Vulnerable Software and Affected Versions BookingPress Pro versions prior to 5.7 Description The BookingPress Pro plugin for WordPress allows unauthenticated attackers to upload arbitrary files to the server, which may lead to remote code execution. This occurs due to missing file typ...
CVE-2022-0739
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection...
CVE-2023-50841
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin...
EUVD-2024-35065
Malicious code in bioql PyPI...