CVE-2024-3022
- Reference to the description:
- Description:
- The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, enabling remote code execution.
- Last updated date:
- 03/13/2025
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 03/13/2025