Lucene search
K

182 matches found

packetstorm
packetstorm
added 2024/08/31 12:0 a.m.510 views

Wordpress BookingPress bookingpress_front_get_category_services SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress BookingPress bookingpressfrontgetcategoryservices SQLi', 'Description' = %q The BookingPress WordPress plugin before 1.0.11 fails to...

9.8CVSS7AI score0.37171EPSS
Exploits11
cve
cve
added 2024/08/08 2:32 a.m.60 views

CVE-2024-7350

CVE-2024-7350 affects the WordPress plugin BookingPress (Appointment Booking Calendar Plugin and Online Scheduling Plugin) . Impact: an authentication bypass in versions 1.1.6–1.1.7 due to inadequate verification of user identity during login after a booking, allowing unauthenticated actors to lo...

9.8CVSS9.6AI score0.00656EPSS
Exploits0References3
cvelist
cvelist
added 2024/08/08 2:32 a.m.28 views

CVE-2024-7350 Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover

The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This...

9.8CVSS0.00656EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/08/08 12:0 a.m.6 views

PT-2024-38281 · WordPress · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress plugin for WordPress versions 1.1.6 through 1.1.7 Description: The issue is related to authentication bypass due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This allo...

9.8CVSS7AI score0.00656EPSS
Exploits0References7
cnnvd
cnnvd
added 2024/08/08 12:0 a.m.6 views

WordPress plugin BookingPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS6.5AI score0.00656EPSS
Exploits0References4
patchstack
patchstack
added 2024/08/07 2:13 p.m.6 views

WordPress BookingPress plugin 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover vulnerability

WordPress BookingPress plugin 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover vulnerability discovered by Gibran Abdillah in WordPress Plugin BookingPress versions 1.1.6 - 1.1.7...

9.8CVSS7AI score0.00656EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/08/07 12:0 a.m.9 views

WordPress BookingPress Plugin 1.1.6 - 1.1.7 is vulnerable to Broken Authentication

Software BookingPress Type Plugin Vulnerable versions 1.1.6 - 1.1.7 Fixed in 1.1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-7350 Patch priority Low CVSS severity Low 10 Developer Claim ownership PSID a00d0a9226a3 Credits Gibran Abdillah Required...

9.8CVSS6.6AI score0.00656EPSS
Exploits0References3Affected Software1
wordfence
wordfence
added 2024/07/22 5:6 p.m.25 views

10,000 WordPress Sites Affected by High Severity Vulnerabilities in BookingPress WordPress Plugin

On July 2nd, 2024, during the 0-day Threat Hunt Promo of our Bug Bounty Program, we received a submission for an Arbitrary File Read to Arbitrary File Creation vulnerability in BookingPress, a WordPress plugin with over 10,000 active installations. This vulnerability makes it possible for...

8.8CVSS8AI score0.00856EPSS
Exploits0
osv
osv
added 2024/07/17 7:15 a.m.4 views

CVE-2024-6467

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpresssavelitewizardsettingsfunc' function. This makes it possible fo...

8.8CVSS6.3AI score0.00856EPSS
Exploits0References2
osv
osv
added 2024/07/17 7:15 a.m.14 views

CVE-2024-6660

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpressimportdatacontinueprocessfunc function in all...

8.8CVSS5.7AI score0.00621EPSS
Exploits0References5
nvd
nvd
added 2024/07/17 7:15 a.m.28 views

CVE-2024-6660

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpressimportdatacontinueprocessfunc function in all...

8.8CVSS0.00621EPSS
Exploits0References5
nvd
nvd
added 2024/07/17 7:15 a.m.33 views

CVE-2024-6467

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpresssavelitewizardsettingsfunc' function. This makes it possible fo...

8.8CVSS0.00856EPSS
Exploits0References2
cvelist
cvelist
added 2024/07/17 6:45 a.m.33 views

CVE-2024-6467 BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpresssavelitewizardsettingsfunc' function. This makes it possible fo...

8.8CVSS0.00856EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/07/17 6:45 a.m.16 views

CVE-2024-6467 BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpresssavelitewizardsettingsfunc' function. This makes it possible fo...

8.8CVSS6.5AI score0.00856EPSS
Exploits0References2
cve
cve
added 2024/07/17 6:45 a.m.69 views

CVE-2024-6467

BookingPress (Appointment Booking Calendar & Scheduling plugin for WordPress) is affected by CVE-2024-6467 and related disclosures. The vulnerability stems from the function bookingpress_save_lite_wizard_settings_func() which saves wizard settings without proper capability checks, and with a publ...

8.8CVSS6.5AI score0.00856EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2024/07/17 6:45 a.m.21 views

CVE-2024-6660 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpressimportdatacontinueprocessfunc function in all...

8.8CVSS7.3AI score0.00621EPSS
Exploits0References5
cve
cve
added 2024/07/17 6:45 a.m.62 views

CVE-2024-6660

BookingPress (Appointment Booking Calendar Plugin for WordPress) is affected up to version 1.1.5 . The vulnerability stems from a missing capability check in the bookingpress_import_data_continue_process_func and publicly accessible nonce on the frontend, allowing authenticated users with Subscri...

8.8CVSS8.8AI score0.00621EPSS
Exploits0References5Affected Software1
patchstack
patchstack
added 2024/07/17 2:15 a.m.6 views

WordPress BookingPress plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update and Arbitrary File Upload vulnerability discovered by shaman0x01 in WordPress Plugin BookingPress versions = 1.1.5...

8.8CVSS7AI score0.00621EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/07/17 2:12 a.m.5 views

WordPress BookingPress Appointment Booking plugin <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation vulnerability

Authenticated Subscriber+ Arbitrary File Read to Arbitrary File Creation vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin BookingPress versions = 1.1.5...

8.8CVSS7AI score0.00856EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/07/17 12:0 a.m.15 views

WordPress BookingPress Plugin <= 1.1.5 is vulnerable to Arbitrary File Upload

Software BookingPress Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6660 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 0a2c97d6e1ad Credits shaman0x01 Required privilege Subscriber...

8.8CVSS6.8AI score0.00621EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder