182 matches found
Wordpress BookingPress bookingpress_front_get_category_services SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress BookingPress bookingpressfrontgetcategoryservices SQLi', 'Description' = %q The BookingPress WordPress plugin before 1.0.11 fails to...
CVE-2024-7350
CVE-2024-7350 affects the WordPress plugin BookingPress (Appointment Booking Calendar Plugin and Online Scheduling Plugin) . Impact: an authentication bypass in versions 1.1.6–1.1.7 due to inadequate verification of user identity during login after a booking, allowing unauthenticated actors to lo...
CVE-2024-7350 Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover
The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This...
PT-2024-38281 · WordPress · Bookingpress
Name of the Vulnerable Software and Affected Versions: BookingPress plugin for WordPress versions 1.1.6 through 1.1.7 Description: The issue is related to authentication bypass due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This allo...
WordPress plugin BookingPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress BookingPress plugin 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover vulnerability
WordPress BookingPress plugin 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover vulnerability discovered by Gibran Abdillah in WordPress Plugin BookingPress versions 1.1.6 - 1.1.7...
WordPress BookingPress Plugin 1.1.6 - 1.1.7 is vulnerable to Broken Authentication
Software BookingPress Type Plugin Vulnerable versions 1.1.6 - 1.1.7 Fixed in 1.1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-7350 Patch priority Low CVSS severity Low 10 Developer Claim ownership PSID a00d0a9226a3 Credits Gibran Abdillah Required...
10,000 WordPress Sites Affected by High Severity Vulnerabilities in BookingPress WordPress Plugin
On July 2nd, 2024, during the 0-day Threat Hunt Promo of our Bug Bounty Program, we received a submission for an Arbitrary File Read to Arbitrary File Creation vulnerability in BookingPress, a WordPress plugin with over 10,000 active installations. This vulnerability makes it possible for...
CVE-2024-6467
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpresssavelitewizardsettingsfunc' function. This makes it possible fo...
CVE-2024-6660
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpressimportdatacontinueprocessfunc function in all...
CVE-2024-6660
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpressimportdatacontinueprocessfunc function in all...
CVE-2024-6467
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpresssavelitewizardsettingsfunc' function. This makes it possible fo...
CVE-2024-6467 BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpresssavelitewizardsettingsfunc' function. This makes it possible fo...
CVE-2024-6467 BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpresssavelitewizardsettingsfunc' function. This makes it possible fo...
CVE-2024-6467
BookingPress (Appointment Booking Calendar & Scheduling plugin for WordPress) is affected by CVE-2024-6467 and related disclosures. The vulnerability stems from the function bookingpress_save_lite_wizard_settings_func() which saves wizard settings without proper capability checks, and with a publ...
CVE-2024-6660 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpressimportdatacontinueprocessfunc function in all...
CVE-2024-6660
BookingPress (Appointment Booking Calendar Plugin for WordPress) is affected up to version 1.1.5 . The vulnerability stems from a missing capability check in the bookingpress_import_data_continue_process_func and publicly accessible nonce on the frontend, allowing authenticated users with Subscri...
WordPress BookingPress plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update and Arbitrary File Upload vulnerability discovered by shaman0x01 in WordPress Plugin BookingPress versions = 1.1.5...
WordPress BookingPress Appointment Booking plugin <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation vulnerability
Authenticated Subscriber+ Arbitrary File Read to Arbitrary File Creation vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin BookingPress versions = 1.1.5...
WordPress BookingPress Plugin <= 1.1.5 is vulnerable to Arbitrary File Upload
Software BookingPress Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6660 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 0a2c97d6e1ad Credits shaman0x01 Required privilege Subscriber...