CVE-2024-3022

Name of the Vulnerable Software and Affected Versions BookingPress plugin for WordPress versions up to, and including 1.0.87

Description The issue arises from insufficient filename validation in the bookingpress process upload function, allowing an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server. This enables remote code execution.

Recommendations For versions up to, and including 1.0.87, update to a version higher than 1.0.87 to resolve the issue. As a temporary workaround, consider disabling the bookingpress process upload function until a patch is available.