Reputeinfosystems

Bookingpress

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.6

CVE-2025-31910

  • EPSS 0.03%
  • Veröffentlicht 01.04.2025 15:16:33
  • Zuletzt bearbeitet 01.04.2025 20:26:01

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28.

6.5

CVE-2025-24732

  • EPSS 0.06%
  • Veröffentlicht 24.01.2025 18:15:47
  • Zuletzt bearbeitet 24.01.2025 18:15:47

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking & Appointment - Repute Infosystems BookingPress allows DOM-Based XSS. This issue affects BookingPress: from n/a through 1.1.25.

6.5

CVE-2024-11726

  • EPSS 0.05%
  • Veröffentlicht 24.12.2024 11:15:07
  • Zuletzt bearbeitet 24.12.2024 11:15:07

The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpress_form' shortcode in all versions up to, and including, 1.1.21 due to ins...

6.5

CVE-2024-10540

  • EPSS 0.07%
  • Veröffentlicht 02.11.2024 02:15:12
  • Zuletzt bearbeitet 04.11.2024 13:18:27

The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insuff...

8.8

CVE-2024-6467

  • EPSS 0.81%
  • Veröffentlicht 17.07.2024 07:15:03
  • Zuletzt bearbeitet 21.11.2024 09:49:42

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizar...

8.8

CVE-2024-6660

  • EPSS 0.3%
  • Veröffentlicht 17.07.2024 07:15:03
  • Zuletzt bearbeitet 21.11.2024 09:50:05

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_im...

5.3

CVE-2024-34799

  • EPSS 0.15%
  • Veröffentlicht 11.06.2024 17:16:01
  • Zuletzt bearbeitet 20.03.2025 11:11:29

Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82.

9.8

CVE-2023-51405

  • EPSS 0.16%
  • Veröffentlicht 24.04.2024 16:15:08
  • Zuletzt bearbeitet 12.03.2025 18:33:56

Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BookingPress: from n/a through 1.0.74.

5.4

CVE-2024-31296

  • EPSS 0.08%
  • Veröffentlicht 07.04.2024 18:15:11
  • Zuletzt bearbeitet 20.03.2025 11:23:10

Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.81.

7.2

CVE-2024-3022

Exploit
  • EPSS 8.31%
  • Veröffentlicht 04.04.2024 02:15:07
  • Zuletzt bearbeitet 13.03.2025 01:38:18

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker wit...