First published: Thu Apr 04 2024(Updated: )
The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, enabling remote code execution.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
<=1.0.87 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.