Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical1
High2
Medium1
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2024-11-04

CVE-2024-10540 - Bookingpress Appointment Booking Plugin

The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Bookingpress Appointment Booking

CVE-2024-10540

MEDIUM CVSS 5.3 2024-11-02
Open Full Technical Breakdown
Threat Entry Updated 2024-08-08

CVE-2024-7350 - Bookingpress Appointment Booking Plugin

The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they have access to that user's email. This is only exploitable when the 'Auto login user after successful booking' setting is enabled.

PLUGIN Bookingpress Appointment Booking

CVE-2024-7350

CRITICAL CVSS 9.8 2024-08-08
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-6660 - Bookingpress Appointment Booking Plugin

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site and upload arbitrary files. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain…

PLUGIN Bookingpress Appointment Booking

CVE-2024-6660

HIGH CVSS 8.8 2024-07-17
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-6219 - Bookingpress Appointment Booking Plugin

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Bookingpress Appointment Booking

CVE-2023-6219

HIGH CVSS 7.2 2023-11-28
Open Full Technical Breakdown
Scroll to top