cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3022,https://securityvulnerability.io/vulnerability/CVE-2024-3022,Arbitrary File Upload Vulnerability in BookingPress Plugin,"The BookingPress plugin for WordPress presents a critical security issue related to its 'bookingpress_process_upload' function, where inadequate filename validation allows for arbitrary file uploads. This vulnerability is particularly concerning for authenticated users, especially those with administrator privileges, as it could lead to the uploading of malicious files onto the server. Once an unauthorized file is executed, it opens up the potential for remote code execution, posing significant risks to the integrity and security of the affected WordPress sites hosted with this plugin.",Wordpress,Bookingpress – Appointment Booking Calendar Plugin And Online Scheduling Plugin,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-04T02:15:00.000Z,0
CVE-2023-6219,https://securityvulnerability.io/vulnerability/CVE-2023-6219,Arbitrary File Upload Vulnerability in BookingPress Plugin for WordPress,"The BookingPress plugin for WordPress contains a vulnerability that permits authenticated users, specifically those with administrator privileges, to upload arbitrary files via the 'bookingpress_process_upload' function. This vulnerability arises from inadequate file validation checks, allowing attackers to potentially execute remote code on the server hosting the affected site. It affects all versions of the BookingPress plugin up to and including 1.0.76, emphasizing the need for users to update their installations to mitigate the risk.",Wordpress,Bookingpress – Appointment Booking Calendar Plugin And Online Scheduling Plugin,7.2,HIGH,0.003100000089034438,false,,false,false,false,,false,false,2023-11-28T03:15:00.000Z,0
CVE-2022-0739,https://securityvulnerability.io/vulnerability/CVE-2022-0739,BookingPress < 1.0.11 - Unauthenticated SQL Injection,"The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection",Wordpress,Bookingpress – Appointments Booking Calendar Plugin And Online Scheduling Plugin,9.8,CRITICAL,0.022269999608397484,false,,false,false,true,true,false,false,2022-03-21T18:56:00.000Z,0