182 matches found
Exploit for SQL Injection in Reputeinfosystems Bookingpress
CVE-2022-0739 My take on CVE-2022-0739 BookingPress exploit,...
CVE-2022-4340
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...
Information disclosure
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...
CVE-2022-4340 BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...
CVE-2022-4340 BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...
CVE-2022-4340
BookingPress WordPress plugin (versions before 1.0.31) is affected by an Insecure Direct Object Reference (IDOR) in the thank-you page. The underlying issue enables unauthenticated users to view booking details (full name, date, time, service) by altering the appointment_id parameter. Reported in...
WordPress plugin BookingPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2023-14197 · WordPress · Bookingpress
Name of the Vulnerable Software and Affected Versions: BookingPress WordPress plugin versions prior to 1.0.31 Description: The issue allows any visitor to display information about any booking by manipulating the appointment id query parameter in the thank you page, potentially exposing full name...
BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
The plugin suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query parameter. PoC curl -s...
Wordpress BookingPress bookingpress_front_get_category_services SQLi
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied data in the totalservice parameter of the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, prior to using it in a dynamically constructed SQL query. As a result,...
Exploit for SQL Injection in Reputeinfosystems Bookingpress
CVE-2022-0739 Proof-of-Concept exploit SQLI BookingPress befo...
Exploit for SQL Injection in Reputeinfosystems Bookingpress
CVE-2022-0739 Proof-of-Concept exploit SQLI BookingPress befo...
CVE-2022-0739
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection...
CVE-2022-0739
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection...
CVE-2022-0739
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection...
CVE-2022-0739 BookingPress < 1.0.11 - Unauthenticated SQL Injection
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection...
CVE-2022-0739
BookingPress (WordPress) has a SQL injection in versions before 1.0.11 via the unauthenticated bookingpress_front_get_category_services AJAX action. The vulnerability stems from improper sanitization of user-supplied data used to build a dynamic SQL query, enabling unauthenticated disclosure of b...
PT-2022-13401 · WordPress · Bookingpress
Name of the Vulnerable Software and Affected Versions: BookingPress WordPress plugin versions prior to 1.0.11 Description: The issue arises from the failure to properly sanitize user-supplied POST data, which is then used in a dynamically constructed SQL query. This occurs via the "bookingpress...
WordPress plugin BookingPress SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. WordPress plugin BookingPress 1.0.11 version befor...
WordPress BookingPress plugin <= 1.0.10 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress BookingPress plugin versions = 1.0.10. Solution Update the WordPress BookingPress plugin to the latest available version at least 1.0.11...