Lucene search
+L

182 matches found

cnnvd
cnnvd
added 2025/01/24 12:0 a.m.7 views

WordPress plugin BookingPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin BookingPre...

6.5CVSS7.9AI score0.00296EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/01/24 12:0 a.m.11 views

PT-2025-5546 · Unknown · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress versions 1.1.25 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means an attacker could potentially inject malicious scripts into...

6.5CVSS7.2AI score0.00296EPSS
Exploits0References6
patchstack
patchstack
added 2025/01/13 7:8 a.m.9 views

WordPress BookingPress plugin < 1.1.23 - Unauthenticated Export File Download vulnerability

Unauthenticated Export File Download vulnerability discovered by Thanh Hang in WordPress Plugin BookingPress versions 1.1.23...

7.5CVSS7AI score0.00626EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2025/01/13 6:0 a.m.52 views

CVE-2024-12274 BookingPress < 1.1.23 - Unauthenticated Export File Download

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files if they exist...

0.00626EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/01/13 6:0 a.m.8 views

CVE-2024-12274 BookingPress < 1.1.23 - Unauthenticated Export File Download

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files if they exist...

7.6AI score0.00626EPSS
Exploits1References1
cve
cve
added 2025/01/13 6:0 a.m.37 views

CVE-2024-12274

The CVE-2024-12274 entry concerns BookingPress (Appointment Booking Calendar Plugin and Scheduling Plugin) for WordPress, affecting versions before 1.1.23. Technical details across connected sources confirm an unauthenticated risk: the Export Settings feature writes data to a publicly accessible ...

7.5CVSS6.5AI score0.00626EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2024/12/24 11:15 a.m.41 views

CVE-2024-11726

The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpressform' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied paramete...

6.5CVSS0.00484EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/12/24 11:9 a.m.10 views

CVE-2024-11726 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection

The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpressform' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied paramete...

6.5CVSS6.5AI score0.00484EPSS
Exploits0References2
cvelist
cvelist
added 2024/12/24 11:9 a.m.38 views

CVE-2024-11726 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection

The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpressform' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied paramete...

6.5CVSS0.00484EPSS
Exploits0References2
cve
cve
added 2024/12/24 11:9 a.m.55 views

CVE-2024-11726

CVE-2024-11726 affects the BookingPress (Appointment Booking Calendar Plugin and Scheduling Plugin) for WordPress. The flaw is an SQL Injection in the shortcodes context: the category parameter of the bookingpress_form shortcode is inadequately escaped, allowing an authenticated user with Contrib...

6.5CVSS7.5AI score0.00484EPSS
Exploits0References2
patchstack
patchstack
added 2024/12/24 12:17 a.m.9 views

WordPress BookingPress plugin <= 1.1.21 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by shaman0x01 in WordPress Plugin BookingPress versions = 1.1.21...

6.5CVSS8.1AI score0.00484EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2024/12/24 12:0 a.m.7 views

PT-2024-17214 · WordPress · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress plugin for WordPress versions up to, and including, 1.1.21 Description: The issue is related to SQL Injection via the category parameter of the 'bookingpress form' shortcode. This is due to insufficient escaping on the...

6.5CVSS9.7AI score0.00484EPSS
Exploits0References7
cnnvd
cnnvd
added 2024/12/24 12:0 a.m.29 views

WordPress plugin BookingPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. The WordPress plugi...

6.5CVSS8.5AI score0.00484EPSS
Exploits0References2
osv
osv
added 2024/11/02 2:15 a.m.6 views

CVE-2024-10540

The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpressform shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter a...

6.5CVSS5.9AI score0.00575EPSS
Exploits0References5
cvelist
cvelist
added 2024/11/02 2:3 a.m.25 views

CVE-2024-10540 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection

The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpressform shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter a...

5.3CVSS0.00575EPSS
Exploits0References5
cve
cve
added 2024/11/02 2:3 a.m.52 views

CVE-2024-10540

CVE-2024-10540 affects the BookingPress plugin for WordPress (BookingPress/Appointment Booking Calendar) up to version 1.1.16. The vulnerability is a SQL Injection via the service parameter of the bookingpress_form shortcode caused by insufficient escaping and unsafe SQL query construction. Authe...

6.5CVSS5.6AI score0.00575EPSS
Exploits0References5Affected Software1
cnnvd
cnnvd
added 2024/11/02 12:0 a.m.6 views

WordPress plugin BookingPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...

6.5CVSS7.6AI score0.00575EPSS
Exploits0References5
patchstack
patchstack
added 2024/11/01 9:29 p.m.14 views

WordPress BookingPress plugin <= 1.1.16 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin BookingPress versions = 1.1.16...

6.5CVSS8.1AI score0.00575EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2024/11/01 12:0 a.m.11 views

PT-2024-16356 · WordPress · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress plugin for WordPress versions up to, and including, 1.1.16 Description: The BookingPress plugin for WordPress is vulnerable to SQL Injection via the service parameter of the bookingpress form shortcode due to insufficient escapin...

6.5CVSS7.6AI score0.00575EPSS
Exploits0References17
patchstack
patchstack
added 2024/11/01 12:0 a.m.14 views

WordPress BookingPress Plugin <= 1.1.16 is vulnerable to SQL Injection

Software BookingPress Type Plugin Vulnerable versions = 1.1.16 Fixed in 1.1.17 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10540 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID ae4b89138a08 Credits Arkadiusz Hydzik Required privilege Subscriber...

6.5CVSS6.9AI score0.00575EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder