Reputeinfosystems: >> Bookingpress >> 1.0.68 Security Vulnerabilities
The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS Score
7.2
EPSS Score
0.021
Published
2023-11-28
Page 2