Lucene search
K

182 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:6 a.m.10 views

CVE-2023-6219

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpressprocessupload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above...

7.2CVSS7.7AI score0.01231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:55 p.m.9 views

CVE-2022-4340

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference IDOR vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...

5.3CVSS6.5AI score0.00669EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/04/03 3:32 p.m.11 views

CVE-2025-31910

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows SQL Injection.This issue affects BookingPress: from n/a through = 1.1.28...

7.6CVSS7.3AI score0.00351EPSS
Exploits0References1
OSV
OSV
added 2025/04/01 3:16 p.m.3 views

CVE-2025-31910

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28...

7.6CVSS7.3AI score0.00351EPSS
Exploits0References1
NVD
NVD
added 2025/04/01 3:16 p.m.21 views

CVE-2025-31910

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows SQL Injection.This issue affects BookingPress: from n/a through = 1.1.28...

7.6CVSS0.00351EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/01 2:52 p.m.24 views

CVE-2025-31910 WordPress BookingPress plugin <= 1.1.28 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows SQL Injection.This issue affects BookingPress: from n/a through = 1.1.28...

7.6CVSS0.00351EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/01 2:52 p.m.10 views

CVE-2025-31910 WordPress BookingPress plugin <= 1.1.28 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows SQL Injection.This issue affects BookingPress: from n/a through = 1.1.28...

7.6CVSS7.3AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 2025/04/01 2:52 p.m.67 views

CVE-2025-31910

Technical details for CVE-2025-31910 are not provided in the Connected documents. The Initial Description notes a SQL Injection in BookingPress

7.6CVSS7.3AI score0.00351EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.4 views

PT-2025-14274 · Unknown · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress versions 1.1.28 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: Fo...

7.6CVSS8.3AI score0.00351EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.6 views

WordPress plugin BookingPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...

7.6CVSS8.3AI score0.00351EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 12:0 p.m.8 views

CVE-2024-7350

The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This...

9.8CVSS7AI score0.00656EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:17 a.m.8 views

CVE-2024-3022

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to...

7.2CVSS7.3AI score0.01563EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:11 a.m.8 views

CVE-2024-6467

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpresssavelitewizardsettingsfunc' function. This makes it possible fo...

8.8CVSS6.5AI score0.00856EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:57 a.m.13 views

CVE-2024-6660

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpressimportdatacontinueprocessfunc function in all...

8.8CVSS7AI score0.00621EPSS
Exploits0References1
NVD
NVD
added 2025/01/24 6:15 p.m.15 views

CVE-2025-24732

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows DOM-Based XSS.This issue affects BookingPress: from n/a through = 1.1.25...

6.5CVSS0.00296EPSS
Exploits0References1
OSV
OSV
added 2025/01/24 6:15 p.m.6 views

CVE-2025-24732

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Booking & Appointment - Repute Infosystems BookingPress allows DOM-Based XSS. This issue affects BookingPress: from n/a through 1.1.25...

5.4CVSS5.8AI score0.00296EPSS
Exploits0References1
CVE
CVE
added 2025/01/24 5:25 p.m.63 views

CVE-2025-24732

CVE-2025-24732 : BookingPress plugin (WordPress) ≤ 1.1.25 suffers DOM-based XSS due to improper input neutralization during page generation. Exploitation could affect pages rendered via BookingPress. Public references list patch availability; Red Hat/NVD entries confirm the vulnerability. Remedia...

6.5CVSS7.2AI score0.00296EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/01/24 5:25 p.m.44 views

CVE-2025-24732 WordPress BookingPress Plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows DOM-Based XSS.This issue affects BookingPress: from n/a through = 1.1.25...

6.5CVSS0.00296EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/24 5:25 p.m.13 views

CVE-2025-24732 WordPress BookingPress Plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Booking & Appointment - Repute Infosystems BookingPress allows DOM-Based XSS. This issue affects BookingPress: from n/a through 1.1.25...

6.5CVSS6.9AI score0.00296EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/24 11:47 a.m.6 views

WordPress BookingPress Plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin BookingPress versions = 1.1.25...

6.5CVSS6.1AI score0.00296EPSS
Exploits0Affected Software1
Rows per page
Query Builder