cvedb.io
CVE-2024-3022
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2024-04-04T02:15:07.230 · Last modified 2026-06-17T07:43:09.067

Summary

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including, 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, enabling remote code execution.

Affected products

reputeinfosystems — bookingpress

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.