cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11726,https://securityvulnerability.io/vulnerability/CVE-2024-11726,SQL Injection Vulnerability in BookingPress Plugin for WordPress,"The BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpress_form' shortcode. Because the parameter is not adequately escaped and the existing SQL query is not sufficiently prepared, authenticated attackers with Contributor-level access or higher can append additional SQL queries to the existing one and extract sensitive information from the database.",Wordpress,Appointment Booking Calendar Plugin And Scheduling Plugin – Bookingpress,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,2024-12-24T11:09:50.216Z,0
CVE-2024-10540,https://securityvulnerability.io/vulnerability/CVE-2024-10540,SQL Injection Vulnerability in BookingPress Plugin,"The Appointment Booking Calendar Plugin and Scheduling Plugin (BookingPress) for WordPress is vulnerable to SQL Injection via the 'service' parameter of the 'bookingpress_form' shortcode, due to insufficient escaping of the user-supplied parameter and inadequate preparation of the existing SQL query. Authenticated attackers with Subscriber-level access or higher can append additional SQL queries to the existing one and extract sensitive information from the database. Site administrators should check the installed version and apply the available update.",Wordpress,Appointment Booking Calendar Plugin And Scheduling Plugin – Bookingpress,6.5,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2024-11-02T02:15:00.000Z,0
CVE-2024-7350,https://securityvulnerability.io/vulnerability/CVE-2024-7350,Unauthorized Access to Administrator Accounts Through Plugin's Authentication Bypass,"The Appointment Booking Calendar Plugin and Online Scheduling Plugin (BookingPress) for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7 because the plugin does not sufficiently verify a user's identity when it logs the user in after a completed booking. When the 'Auto login user after successful booking' setting is enabled, unauthenticated attackers who know a registered user's email address can log in as that user, including administrators.",Wordpress,Appointment Booking Calendar Plugin And Scheduling Plugin – Bookingpress,9.8,CRITICAL,0.0006300000241026282,false,,false,false,false,,false,false,2024-08-08T02:32:06.827Z,0
CVE-2024-3022,https://securityvulnerability.io/vulnerability/CVE-2024-3022,Arbitrary File Upload Vulnerability in BookingPress Plugin,"The BookingPress plugin for WordPress is vulnerable to arbitrary file upload due to insufficient filename validation in the 'bookingpress_process_upload' function. Authenticated attackers with administrator privileges can upload arbitrary files to the affected site's server, which may make remote code execution possible.",Wordpress,Bookingpress – Appointment Booking Calendar Plugin And Online Scheduling Plugin,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-04T02:15:00.000Z,0
CVE-2023-6219,https://securityvulnerability.io/vulnerability/CVE-2023-6219,Arbitrary File Upload Vulnerability in BookingPress Plugin for WordPress,"The BookingPress plugin for WordPress is vulnerable to arbitrary file upload due to insufficient file validation in the 'bookingpress_process_upload' function in all versions up to and including 1.0.76. Authenticated attackers with administrator privileges can upload arbitrary files to the affected site's server, which may make remote code execution possible. Users should update their installations to mitigate the risk.",Wordpress,Bookingpress – Appointment Booking Calendar Plugin And Online Scheduling Plugin,7.2,HIGH,0.003100000089034438,false,,false,false,false,,false,false,2023-11-28T03:15:00.000Z,0
CVE-2022-0739,https://securityvulnerability.io/vulnerability/CVE-2022-0739,BookingPress < 1.0.11 - Unauthenticated SQL Injection,"The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user-supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection.",Wordpress,Bookingpress – Appointments Booking Calendar Plugin And Online Scheduling Plugin,9.8,CRITICAL,0.022269999608397484,false,,false,false,true,true,false,false,2022-03-21T18:56:00.000Z,0
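Three of the six rows above (CVE-2024-11726, CVE-2024-10540, CVE-2022-0739) describe the same defect: a shortcode attribute or POST field concatenated into a `$wpdb` query instead of being bound with `$wpdb->prepare()`. The following is an added illustration, not BookingPress code; the shortcode name `example_form`, the table `example_services`, the nonce action and every `example_*` function are hypothetical. It shows the vulnerable pattern beside the hardened form for both a shortcode handler and an AJAX action that is also registered for logged-out users (`wp_ajax_nopriv_*`), which is what made CVE-2022-0739 unauthenticated.

```php
<?php
// Added example, not the plugin's code. Table, shortcode, nonce and function names are hypothetical.

// VULNERABLE: the 'category' attribute is dropped straight into the SQL text.
// Anyone who can place the shortcode in content (a Contributor can, and preview it)
// controls part of the query, e.g. category="0 UNION SELECT user_login,user_pass FROM wp_users".
function example_form_shortcode_vulnerable( $atts ) {
    global $wpdb;
    $atts  = shortcode_atts( array( 'category' => '' ), $atts, 'example_form' );
    $table = $wpdb->prefix . 'example_services';
    $rows  = $wpdb->get_results( "SELECT id, name FROM {$table} WHERE category_id = " . $atts['category'] );
    return esc_html( wp_json_encode( $rows ) );
}

// HARDENED: cast to the type the column expects, then bind with $wpdb->prepare().
function example_form_shortcode_hardened( $atts ) {
    global $wpdb;
    $atts        = shortcode_atts( array( 'category' => '0' ), $atts, 'example_form' );
    $category_id = absint( $atts['category'] );      // integer column -> integer value
    $table       = $wpdb->prefix . 'example_services'; // never derived from user input
    $rows        = $wpdb->get_results(
        $wpdb->prepare( "SELECT id, name FROM {$table} WHERE category_id = %d", $category_id )
    );
    return esc_html( wp_json_encode( $rows ) );
}
add_shortcode( 'example_form', 'example_form_shortcode_hardened' );

// The same fix for an AJAX action exposed to unauthenticated visitors: the whole
// request body is attacker-controlled, so every value is bound and a nonce is checked.
function example_front_get_category_services() {
    global $wpdb;
    check_ajax_referer( 'example_front_nonce', 'nonce' );
    $category_id = isset( $_POST['category_id'] ) ? absint( wp_unslash( $_POST['category_id'] ) ) : 0;
    $table       = $wpdb->prefix . 'example_services';
    $rows        = $wpdb->get_results(
        $wpdb->prepare( "SELECT id, name, price FROM {$table} WHERE category_id = %d ORDER BY name", $category_id ),
        ARRAY_A
    );
    wp_send_json_success( $rows );
}
add_action( 'wp_ajax_example_front_get_category_services', 'example_front_get_category_services' );
add_action( 'wp_ajax_nopriv_example_front_get_category_services', 'example_front_get_category_services' );
```

When reviewing a plugin for this class of bug, grep for `$wpdb->get_results(`, `get_var(`, `get_row(` and `query(` calls whose first argument is a double-quoted string with interpolated variables or a `.` concatenation; every one of them should be wrapped in `$wpdb->prepare()` with `%d`, `%s` or `%f` placeholders, and identifiers such as table names must come from constants, not from the request.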
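CVE-2024-7350 is an authentication bypass in the plugin's "auto login after booking" feature: the plugin identified the user to log in by an email address taken from the booking request. The following added example (not BookingPress code; the `example_*` functions and the transient key prefix are hypothetical) contrasts that pattern with one that never logs a visitor into a pre-existing account and redeems the auto-login with a random, single-use, short-lived token instead of a client-supplied identifier.

```php
<?php
// Added example, not the plugin's code. Function names and the transient prefix are hypothetical.

// VULNERABLE: a visitor who knows admin@example.com is logged in as that administrator.
function example_auto_login_vulnerable( $booking_email ) {
    $user = get_user_by( 'email', $booking_email );
    if ( $user ) {
        wp_set_current_user( $user->ID );
        wp_set_auth_cookie( $user->ID );
    }
}

// HARDENED: an email address proves nothing about who sent the request.
// Only an account this booking just created may be auto-logged-in, so the attacker
// cannot point the feature at an existing user, and the login is redeemed with a
// server-generated token whose hash is stored for five minutes.
function example_create_booking_account( $booking_email ) {
    if ( email_exists( $booking_email ) ) {
        // Existing account: never auto-login; the user authenticates normally.
        return new WP_Error( 'exists', 'Please log in to attach this booking to your account.' );
    }
    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( $booking_email, true ),
        'user_email' => $booking_email,
        'user_pass'  => wp_generate_password( 24, true, true ),
        'role'       => 'subscriber', // never a privileged role
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    $token = bin2hex( random_bytes( 32 ) ); // 64 hex chars, handed to the client once
    set_transient( 'example_autologin_' . hash( 'sha256', $token ), $user_id, 5 * MINUTE_IN_SECONDS );
    return $token;
}

function example_redeem_auto_login( $token ) {
    if ( ! is_string( $token ) || 64 !== strlen( $token ) || ! ctype_xdigit( $token ) ) {
        return false;
    }
    $key     = 'example_autologin_' . hash( 'sha256', $token );
    $user_id = get_transient( $key );
    if ( false === $user_id ) {
        return false; // unknown, expired, or already used
    }
    delete_transient( $key ); // single use
    wp_set_current_user( (int) $user_id );
    wp_set_auth_cookie( (int) $user_id, false );
    return true;
}
```

The point of the hardened version is that the only thing the client ever sends back is an unguessable capability the server minted for this specific new account; the email address is used to create the account, not to select one.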
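CVE-2024-3022 and CVE-2023-6219 are both arbitrary file uploads through `bookingpress_process_upload` caused by insufficient validation of the uploaded file and its name; an administrator-level attacker can place a PHP file in a web-served directory. The following added example (not BookingPress code; the `example_*` function names, the nonce action and the allowlist are hypothetical) shows the unsafe pattern next to a handler that allowlists types, checks the extension against the detected MIME type of the actual bytes, discards the client-chosen filename and routes the file through `wp_handle_upload()`.

```php
<?php
// Added example, not the plugin's code. Function names, nonce action and allowlist are hypothetical.

// VULNERABLE: client filename preserved, no type check -> "shell.php" lands under wp-content/uploads.
function example_process_upload_vulnerable() {
    $upload_dir = wp_upload_dir();
    $dest       = trailingslashit( $upload_dir['basedir'] ) . 'example/' . $_FILES['file']['name'];
    move_uploaded_file( $_FILES['file']['tmp_name'], $dest );
    return $dest;
}

// HARDENED: capability and nonce checks, allowlisted types verified against content,
// server-chosen random filename, upload routed through wp_handle_upload().
function example_process_upload_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'example_upload_nonce', 'nonce' );
    if ( empty( $_FILES['file'] ) || UPLOAD_ERR_OK !== $_FILES['file']['error'] ) {
        wp_send_json_error( 'no file', 400 );
    }
    // Only what the feature actually needs; no executable or HTML-like types.
    $allowed = array( 'jpg|jpeg' => 'image/jpeg', 'png' => 'image/png', 'csv' => 'text/csv' );
    $file    = $_FILES['file'];

    // Validates the extension and, where WordPress can detect it, the real MIME type of the bytes.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'type not allowed', 415 );
    }

    // Discard the client-supplied name entirely; the extension comes from the validated type.
    $file['name'] = wp_generate_password( 16, false ) . '.' . $check['ext'];

    if ( ! function_exists( 'wp_handle_upload' ) ) {
        require_once ABSPATH . 'wp-admin/includes/file.php';
    }
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}
add_action( 'wp_ajax_example_process_upload', 'example_process_upload_hardened' );
```

Two caveats a reviewer would add: an administrator-only upload bug is still worth fixing because WordPress administrators on multisite or managed hosts are often not meant to be able to run arbitrary code, and the capability check alone would not have prevented these CVEs, since the reported attackers already held administrator privileges; the filename and type validation is the part that matters.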