🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin

Information

Software Type	Plugin
Software Slug	bookingpress-appointment-booking (view on wordpress.org)
Software Status	Active
Software Author	reputeinfosystems
Software Website	www.bookingpressplugin.com
Software Downloads	258,861
Software Active Installs	10,000
Software Record Last Updated	May 3, 2024

9 Vulnerabilities

BookingPress <= 1.0.81 - Authenticated (Customer+) Insecure Direct Object Reference

4.3

CVE-2024-31296

Apr 5, 2024

Researcher: Steven Julian

BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVE-2024-3022

Apr 3, 2024

Researcher: Dian Sun

BookingPress <= 1.0.74 - Booking Price Manipulation via bookingpress_confirm_booking

7.5

CVE-2023-51405

Dec 27, 2023

Researcher: Abdi Pranata

BookingPress <= 1.0.72 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2023-50841

Dec 21, 2023

Researcher: Ngô Thiên An (ancorn_)

BookingPress <= 1.0.76 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2023-6219

Nov 27, 2023

Researcher: István Márton

BookingPress <= 1.0.64 - Unauthenticated Sensitive Information Exposure

5.3

CVE-2023-36507

Jul 13, 2023

Researcher: Paul Goodchild

BookingPress <= 1.0.30 - Unauthenticated Insecure Direct Object Reference

6.5

CVE-2022-4340

Dec 7, 2022

Researcher: Hussien Misbah

BookingPress – Appointments Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.13 - SQL Injection

6.4

CVE ID Unknown

Apr 8, 2022

Researcher: Unknown

BookingPress < 1.0.11 - SQL Injection

9.8

CVE-2022-0739

Feb 28, 2022

Researcher: cydave

Title	CVE ID	CVSS	Researchers	Date
BookingPress <= 1.0.81 - Authenticated (Customer+) Insecure Direct Object Reference	CVE-2024-31296	4.3	Steven Julian	April 5, 2024
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload	CVE-2024-3022	7.2	Dian Sun	April 3, 2024
BookingPress <= 1.0.74 - Booking Price Manipulation via bookingpress_confirm_booking	CVE-2023-51405	7.5	Abdi Pranata	December 27, 2023
BookingPress <= 1.0.72 - Authenticated (Contributor+) SQL Injection	CVE-2023-50841	8.8	Ngô Thiên An (ancorn_)	December 21, 2023
BookingPress <= 1.0.76 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2023-6219	7.2	István Márton	November 27, 2023
BookingPress <= 1.0.64 - Unauthenticated Sensitive Information Exposure	CVE-2023-36507	5.3	Paul Goodchild	July 13, 2023
BookingPress <= 1.0.30 - Unauthenticated Insecure Direct Object Reference	CVE-2022-4340	6.5	Hussien Misbah	December 7, 2022
BookingPress – Appointments Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.13 - SQL Injection		6.4	Unknown	April 8, 2022
BookingPress < 1.0.11 - SQL Injection	CVE-2022-0739	9.8	cydave	February 28, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation