182 matches found
WordPress plugin BookingPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin BookingPre...
PT-2025-5546 · Unknown · Bookingpress
Name of the Vulnerable Software and Affected Versions: BookingPress versions 1.1.25 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means an attacker could potentially inject malicious scripts into...
WordPress BookingPress plugin < 1.1.23 - Unauthenticated Export File Download vulnerability
Unauthenticated Export File Download vulnerability discovered by Thanh Hang in WordPress Plugin BookingPress versions 1.1.23...
CVE-2024-12274 BookingPress < 1.1.23 - Unauthenticated Export File Download
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files if they exist...
CVE-2024-12274 BookingPress < 1.1.23 - Unauthenticated Export File Download
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files if they exist...
CVE-2024-12274
The CVE-2024-12274 entry concerns BookingPress (Appointment Booking Calendar Plugin and Scheduling Plugin) for WordPress, affecting versions before 1.1.23. Technical details across connected sources confirm an unauthenticated risk: the Export Settings feature writes data to a publicly accessible ...
CVE-2024-11726
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpressform' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied paramete...
CVE-2024-11726 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpressform' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied paramete...
CVE-2024-11726 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpressform' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied paramete...
CVE-2024-11726
CVE-2024-11726 affects the BookingPress (Appointment Booking Calendar Plugin and Scheduling Plugin) for WordPress. The flaw is an SQL Injection in the shortcodes context: the category parameter of the bookingpress_form shortcode is inadequately escaped, allowing an authenticated user with Contrib...
WordPress BookingPress plugin <= 1.1.21 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by shaman0x01 in WordPress Plugin BookingPress versions = 1.1.21...
PT-2024-17214 · WordPress · Bookingpress
Name of the Vulnerable Software and Affected Versions: BookingPress plugin for WordPress versions up to, and including, 1.1.21 Description: The issue is related to SQL Injection via the category parameter of the 'bookingpress form' shortcode. This is due to insufficient escaping on the...
WordPress plugin BookingPress SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. The WordPress plugi...
CVE-2024-10540
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpressform shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter a...
CVE-2024-10540 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpressform shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter a...
CVE-2024-10540
CVE-2024-10540 affects the BookingPress plugin for WordPress (BookingPress/Appointment Booking Calendar) up to version 1.1.16. The vulnerability is a SQL Injection via the service parameter of the bookingpress_form shortcode caused by insufficient escaping and unsafe SQL query construction. Authe...
WordPress plugin BookingPress SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...
WordPress BookingPress plugin <= 1.1.16 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin BookingPress versions = 1.1.16...
PT-2024-16356 · WordPress · Bookingpress
Name of the Vulnerable Software and Affected Versions: BookingPress plugin for WordPress versions up to, and including, 1.1.16 Description: The BookingPress plugin for WordPress is vulnerable to SQL Injection via the service parameter of the bookingpress form shortcode due to insufficient escapin...
WordPress BookingPress Plugin <= 1.1.16 is vulnerable to SQL Injection
Software BookingPress Type Plugin Vulnerable versions = 1.1.16 Fixed in 1.1.17 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10540 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID ae4b89138a08 Credits Arkadiusz Hydzik Required privilege Subscriber...