3 matches found
CVE-2024-10540 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpressform shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter a...
CVE-2024-10540 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpressform shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter a...
CVE-2024-10540
CVE-2024-10540 affects the BookingPress plugin for WordPress (BookingPress/Appointment Booking Calendar) up to version 1.1.16. The vulnerability is a SQL Injection via the service parameter of the bookingpress_form shortcode caused by insufficient escaping and unsafe SQL query construction. Authe...