2 matches found
CVE-2024-6660 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpressimportdatacontinueprocessfunc function in all...
WordPress BookingPress Plugin <= 1.1.5 is vulnerable to Arbitrary File Upload
Software BookingPress Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6660 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 0a2c97d6e1ad Credits shaman0x01 Required privilege Subscriber...