Lucene search
K

5 matches found

NVD
NVD
added 2024/04/04 2:15 a.m.20 views

CVE-2024-3022

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to...

7.2CVSS7.3AI score0.01563EPSS
Exploits1References3
CVE
CVE
added 2024/04/04 1:56 a.m.78 views

CVE-2024-3022

BookingPress for WordPress (all versions

7.2CVSS9.6AI score0.01563EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/04 1:56 a.m.16 views

CVE-2024-3022 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to...

7.2CVSS7.6AI score0.01563EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/04/04 1:56 a.m.26 views

CVE-2024-3022 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to...

7.2CVSS7.5AI score0.01563EPSS
Exploits1References3
Patchstack
Patchstack
added 2024/04/04 12:0 a.m.11 views

WordPress BookingPress Plugin <= 1.0.87 is vulnerable to Arbitrary File Upload

Software BookingPress Type Plugin Vulnerable versions = 1.0.87 Fixed in 1.0.88 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-3022 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID 95c9a0019f7e Credits Dian Sun Required privilege Administrator...

7.2CVSS6.8AI score0.01563EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder