Lucene search
+L

57 matches found

Prion
Prion
added 2023/12/28 7:15 p.m.18 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin...

6.5CVSS7.9AI score0.00537EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/28 6:37 p.m.29 views

CVE-2023-50841 WordPress BookingPress Plugin <= 1.0.72 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin...

8.5CVSS9.3AI score0.00537EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/28 12:0 a.m.6 views

PT-2023-31673 · Repute Infosystems · Bookingpress

Name of the Vulnerable Software and Affected Versions: Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin versions 1.0.0 through 1.0.72 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special...

8.8CVSS9.1AI score0.00537EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/12/27 12:0 a.m.13 views

WordPress BookingPress Plugin <= 1.0.74 is vulnerable to Other Vulnerability Type

Software BookingPress Type Plugin Vulnerable versions = 1.0.74 Fixed in 1.0.75 OWASP Top 10 A4: Insecure Design Classification Other Vulnerability Type CVE CVE-2023-51405 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 5ed1a6f81388 Credits Abdi Pranata Required privilege...

9.8CVSS6.6AI score0.00655EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/11/30 4:15 p.m.23 views

CVE-2023-36507

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.6...

5.3CVSS0.0051EPSS
Exploits0References1
OSV
OSV
added 2023/11/30 4:15 p.m.5 views

CVE-2023-36507

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.6...

5.3CVSS7.3AI score0.0051EPSS
Exploits0References1
Prion
Prion
added 2023/11/30 4:15 p.m.29 views

Code injection

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.6...

5CVSS7AI score0.0051EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/11/28 3:15 a.m.1 views

CVE-2023-6219

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpressprocessupload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above...

7.2CVSS6.4AI score0.01231EPSS
Exploits0References4
NVD
NVD
added 2023/11/28 3:15 a.m.24 views

CVE-2023-6219

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpressprocessupload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above...

7.2CVSS0.01231EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/11/28 2:37 a.m.27 views

CVE-2023-6219 BookingPress <= 1.0.76 - Authenticated (Administrator+) Arbitrary File Upload

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpressprocessupload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above...

7.2CVSS7.5AI score0.01231EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/11/28 12:0 a.m.6 views

WordPress Plugin JBookingPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin JBookingPress 1.0....

7.2CVSS7AI score0.01231EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/11/28 12:0 a.m.7 views

PT-2023-32568 · WordPress · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress plugin for WordPress versions up to, and including, 1.0.76 Description: The issue is related to insufficient file validation on the bookingpress process upload function, allowing authenticated attackers with administrator-level...

7.2CVSS7.7AI score0.01231EPSS
Exploits0References7
OSV
OSV
added 2023/01/02 10:15 p.m.3 views

CVE-2022-4340

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...

5.3CVSS5.8AI score0.00669EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/01/02 12:0 a.m.7 views

PT-2023-14197 · WordPress · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress WordPress plugin versions prior to 1.0.31 Description: The issue allows any visitor to display information about any booking by manipulating the appointment id query parameter in the thank you page, potentially exposing full name...

5.3CVSS5.1AI score0.00669EPSS
Exploits2References5
WPVulnDB
WPVulnDB
added 2022/12/07 12:0 a.m.21 views

BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id

The plugin suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query parameter. PoC curl -s...

5.3CVSS0.5AI score0.00669EPSS
Exploits2Affected Software1
OSV
OSV
added 2022/03/21 7:15 p.m.3 views

CVE-2022-0739

The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection...

9.8CVSS7.4AI score0.37171EPSS
Exploits11References2
Positive Technologies
Positive Technologies
added 2022/03/21 12:0 a.m.8 views

PT-2022-13401 · WordPress · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress WordPress plugin versions prior to 1.0.11 Description: The issue arises from the failure to properly sanitize user-supplied POST data, which is then used in a dynamically constructed SQL query. This occurs via the "bookingpress...

9.8CVSS9.6AI score0.37171EPSS
Exploits11References10
Rows per page
Query Builder