Vulnerabilities > Reputeinfosystems > Bookingpress > 1.0.77
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-02 | CVE-2024-10540 | SQL Injection vulnerability in Reputeinfosystems Bookingpress The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2024-06-11 | CVE-2024-34799 | Unspecified vulnerability in Reputeinfosystems Bookingpress Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82. | 5.3 |
| 2024-04-07 | CVE-2024-31296 | Unspecified vulnerability in Reputeinfosystems Bookingpress Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.81. | 5.4 |
| 2024-04-04 | CVE-2024-3022 | Unrestricted Upload of File with Dangerous Type vulnerability in Reputeinfosystems Bookingpress The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. | 7.2 |