Reputeinfosystems Appointment Booking Calendar Plugin And Scheduling Plugin Bookingpress vulnerabilities
7 known vulnerabilities affecting reputeinfosystems/appointment_booking_calendar_plugin_and_scheduling_plugin_bookingpress.
Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-7350P2CRITICALCVSS 9.8≥ 1.1.6, ≤ 1.1.72024-08-08
CVE-2024-7350 [CRITICAL] CWE-288 CVE-2024-7350: The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordP
The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log
nvd
CVE-2024-6660P3HIGHCVSS 8.8≤ 1.1.52024-07-17
CVE-2024-6660 [HIGH] CWE-280 CVE-2024-6660: The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordP
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possi
nvd
CVE-2024-6467P3HIGHCVSS 8.8≤ 1.1.52024-07-17
CVE-2024-6467 [HIGH] CWE-73 CVE-2024-6467: The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordP
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible for authenticated attackers, with Subscriber-level acces
nvd
CVE-2024-3022P3HIGHCVSS 7.2≤ 1.0.872024-04-04
CVE-2024-3022 [HIGH] CWE-434 CVE-2024-3022: The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient fi
The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, ena
nvd
CVE-2023-6219P3HIGHCVSS 7.2≤ 1.0.762023-11-28
CVE-2023-6219 [HIGH] CWE-434 CVE-2023-6219: The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient fi
The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's serve
nvd
CVE-2024-10540P3MEDIUMCVSS 6.5≤ 1.1.162024-11-02
CVE-2024-10540 [MEDIUM] CWE-89 CVE-2024-10540: The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL
nvd
CVE-2024-11726P3MEDIUMCVSS 6.5≤ 1.1.212024-12-24
CVE-2024-11726 [MEDIUM] CWE-89 CVE-2024-11726: The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is
The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpress_form' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S
nvd