Skip to main content

Bookingpress

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2024-3022 HIGH POC PATCH This Week

Authenticated arbitrary file upload in the BookingPress WordPress plugin (versions through 1.0.87) enables remote code execution by administrator-level users who can upload malicious files via the 'bookingpress_process_upload' function. Publicly available exploit code exists and EPSS places this in the 92nd percentile (8.31% probability), indicating elevated likelihood of exploitation attempts despite the high-privilege requirement. The flaw affects the free WordPress edition distributed by Repute InfoSystems.

File Upload RCE WordPress Bookingpress
NVD
CVSS 3.1
7.2
EPSS
8.3%
CVE-2024-3022
EPSS 8% CVSS 7.2
HIGH POC PATCH This Week

Authenticated arbitrary file upload in the BookingPress WordPress plugin (versions through 1.0.87) enables remote code execution by administrator-level users who can upload malicious files via the 'bookingpress_process_upload' function. Publicly available exploit code exists and EPSS places this in the 92nd percentile (8.31% probability), indicating elevated likelihood of exploitation attempts despite the high-privilege requirement. The flaw affects the free WordPress edition distributed by Repute InfoSystems.

File Upload RCE WordPress +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy