Reputeinfosystems Bookingpress vulnerabilities

14 known vulnerabilities affecting reputeinfosystems/bookingpress.

Total CVEs: 14
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 6, MEDIUM 6

Vulnerabilities

CVE-2022-0739 | P2 | CRITICAL | CVSS 9.8 | PoC | fixed in 1.0.11 | 2022-03-21
CWE-89: The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection
nvd
CVE-2024-6660 | P3 | HIGH | CVSS 8.8 | fixed in 1.1.6 | 2024-07-17
CWE-280: The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possi
nvd
CVE-2023-51405 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.0.75 | 2024-04-24
CWE-287: Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BookingPress: from n/a through 1.0.74.
nvd
CVE-2024-6467 | P3 | HIGH | CVSS 8.8 | fixed in 1.1.6 | 2024-07-17
CWE-73: The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible for authenticated attackers, with Subscriber-level acces
nvd
CVE-2023-50841 | P3 | HIGH | CVSS 8.8 | ≤ 1.0.72 | 2023-12-28
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin. This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.72.
nvd
CVE-2024-3022 | P3 | HIGH | CVSS 7.2 | ≤ 1.0.87 | 2024-04-04
CWE-434: The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, ena
nvd
CVE-2023-6219 | P3 | HIGH | CVSS 7.2 | ≤ 1.0.76 | 2023-11-28
CWE-434: The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's serve
nvd
CVE-2025-31910 | P3 | HIGH | CVSS 7.6 | fixed in 1.1.38 | ≤ 1.1.28 | 2025-04-01
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows SQL Injection. This issue affects BookingPress: from n/a through <= 1.1.28.
nvd
CVE-2024-10540 | P3 | MEDIUM | CVSS 6.5 | fixed in 1.1.17 | 2024-11-02
CWE-89: The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL
nvd
CVE-2024-31296 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.0.82 | 2024-04-07
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress. This issue affects BookingPress: from n/a through 1.0.81.
nvd
CVE-2024-34799 | P4 | MEDIUM | CVSS 5.3 | fixed in 1.0.83 | 2024-06-11
CWE-862: Missing Authorization vulnerability in Repute Infosystems BookingPress. This issue affects BookingPress: from n/a through 1.0.82.
nvd
CVE-2023-36507 | P4 | MEDIUM | CVSS 5.3 | ≤ 1.0.64 | 2023-11-30
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin. This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.64.
nvd
CVE-2022-4340 | P4 | MEDIUM | CVSS 5.3 | fixed in 1.0.31 | 2023-01-02
CWE-639: The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter.
nvd
CVE-2025-24732 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.1.26 | ≤ 1.1.25 | 2025-01-24
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows DOM-Based XSS. This issue affects BookingPress: from n/a through <= 1.1.25.
nvd