Vulnerabilities > Reputeinfosystems > Bookingpress > 1.0.85
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-02 | CVE-2024-10540 | SQL Injection vulnerability in Reputeinfosystems Bookingpress The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2024-04-04 | CVE-2024-3022 | Unrestricted Upload of File with Dangerous Type vulnerability in Reputeinfosystems Bookingpress The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. | 7.2 |