PT-2023-32568 · WordPress · Bookingpress
István Márton
·
Published
2023-11-28
·
Updated
2023-12-01
·
CVE-2023-6219
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
BookingPress plugin for WordPress versions up to, and including, 1.0.76
Description
The issue is related to insufficient file validation on the
bookingpress process upload function, allowing authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site's server. This could potentially lead to remote code execution.Recommendations
For versions up to, and including, 1.0.76, update to a version that fixes the insufficient file validation issue in the
bookingpress process upload function to prevent arbitrary file uploads.
As a temporary workaround, consider restricting access to the bookingpress process upload function until a patch is available.Fix
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bookingpress