VYPR

Bookingpress

by WordPress

CVEs (9)

  • CVE-2026-6960CriMay 21, 2026
    risk 0.64cvss 9.8epss 0.01

    The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated…

  • CVE-2023-50841HigDec 28, 2023
    risk 0.55cvss 8.5epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and…

  • CVE-2023-51405HigApr 24, 2024
    risk 0.53cvss 8.2epss 0.01

    Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BookingPress: from n/a through 1.0.74.

  • CVE-2024-3022HigApr 4, 2024
    risk 0.40cvss 7.2epss 0.02

    The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level…

  • CVE-2023-6219HigNov 28, 2023
    risk 0.40cvss 7.2epss 0.01

    The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level…

  • CVE-2023-36507MedNov 30, 2023
    risk 0.34cvss 5.3epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin:…

  • CVE-2024-31296MedApr 7, 2024
    risk 0.28cvss 4.3epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.81.

  • CVE-2022-0739Mar 21, 2022
    risk 0.02cvss epss 0.37

    The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an…

  • CVE-2022-4340Jan 2, 2023
    risk 0.00cvss epss 0.01

    The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the…