4 matches found
CVE-2024-6467
creationtimestamp| type| source ---|---|--- 2024-07-17 09:51:25+00:00| seen| https://t.me/cvedetector/1054...
CVE-2024-6467
BookingPress (Appointment Booking Calendar & Scheduling plugin for WordPress) is affected by CVE-2024-6467 and related disclosures. The vulnerability stems from the function bookingpress_save_lite_wizard_settings_func() which saves wizard settings without proper capability checks, and with a publ...
CVE-2024-6467 BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpresssavelitewizardsettingsfunc' function. This makes it possible fo...
WordPress BookingPress Plugin <= 1.1.5 is vulnerable to Arbitrary File Upload
Software BookingPress Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-6467 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c0415b7cfd0a Credits Arkadiusz Hydzik Required privilege...