CVE-2024-3022 - Vulnerability Details - OpenCVE

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, enabling remote code execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Reputeinfosystems	Bookingpress

Configuration 1 [-]

cpe:2.3:a:reputeinfosystems:bookingpress:*:*:*:*:free:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/changeset/3061435/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_fileupload_class.php
https://r0ot.notion.site/BookingPress-1-0-84-Authenticated-Administrator-Arbitrary-File-Upload-lead-to-RCE-e2603371c0c14d828144e26f2fdc1d01?pvs=4
https://www.wordfence.com/threat-intel/vulnerabilities/id/049ec264-3ed1-4741-937d-8a633ef0a627?source=cve

History

Thu, 13 Mar 2025 02:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Reputeinfosystems Reputeinfosystems bookingpress
Weaknesses		CWE-434
CPEs		cpe:2.3:a:reputeinfosystems:bookingpress:::::free:wordpress::
Vendors & Products		Reputeinfosystems Reputeinfosystems bookingpress

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-04-04T01:56:44.555Z

Updated: 2024-08-01T19:32:42.511Z

Reserved: 2024-03-27T18:18:50.249Z

Link: CVE-2024-3022

Vulnrichment

Updated: 2024-08-01T19:32:42.511Z

NVD

Status : Analyzed

Published: 2024-04-04T02:15:07.230

Modified: 2025-03-13T01:38:18.387

Link: CVE-2024-3022

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3022", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-03-27T18:18:50.249Z", "datePublished": "2024-04-04T01:56:44.555Z", "dateUpdated": "2024-08-01T19:32:42.511Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-04-04T01:56:44.555Z"}, "affected": [{"vendor": "reputeinfosystems", "product": "BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.0.87", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, enabling remote code execution."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/049ec264-3ed1-4741-937d-8a633ef0a627?source=cve"}, {"url": "https://r0ot.notion.site/BookingPress-1-0-84-Authenticated-Administrator-Arbitrary-File-Upload-lead-to-RCE-e2603371c0c14d828144e26f2fdc1d01?pvs=4"}, {"url": "https://plugins.trac.wordpress.org/changeset/3061435/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_fileupload_class.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Dian Sun"}], "timeline": [{"time": "2024-04-03T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"affected": [{"vendor": "reputeinfosystems", "product": "bookingpress", "cpes": ["cpe:2.3:a:reputeinfosystems:bookingpress:*:*:*:*:*:wordpress:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.87", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-04T15:22:22.052698Z", "id": "CVE-2024-3022", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T15:17:18.951Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.511Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/049ec264-3ed1-4741-937d-8a633ef0a627?source=cve", "tags": ["x_transferred"]}, {"url": "https://r0ot.notion.site/BookingPress-1-0-84-Authenticated-Administrator-Arbitrary-File-Upload-lead-to-RCE-e2603371c0c14d828144e26f2fdc1d01?pvs=4", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3061435/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_fileupload_class.php", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/049ec264-3ed1-4741-937d-8a633ef0a627?source=cve", "tags": ["x_transferred"]}, {"url": "https://r0ot.notion.site/BookingPress-1-0-84-Authenticated-Administrator-Arbitrary-File-Upload-lead-to-RCE-e2603371c0c14d828144e26f2fdc1d01?pvs=4", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3061435/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_fileupload_class.php", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.511Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3022", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-04T15:22:22.052698Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:reputeinfosystems:bookingpress:*:*:*:*:*:wordpress:*:*"], "vendor": "reputeinfosystems", "product": "bookingpress", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.87", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T15:17:14.840Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Dian Sun"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "reputeinfosystems", "product": "BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.0.87"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-04-03T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/049ec264-3ed1-4741-937d-8a633ef0a627?source=cve"}, {"url": "https://r0ot.notion.site/BookingPress-1-0-84-Authenticated-Administrator-Arbitrary-File-Upload-lead-to-RCE-e2603371c0c14d828144e26f2fdc1d01?pvs=4"}, {"url": "https://plugins.trac.wordpress.org/changeset/3061435/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_fileupload_class.php"}], "descriptions": [{"lang": "en", "value": "The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, enabling remote code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-04-04T01:56:44.555Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3022", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:32:42.511Z", "dateReserved": "2024-03-27T18:18:50.249Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-04-04T01:56:44.555Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:reputeinfosystems:bookingpress:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "0EF84690-CF27-48F0-8FB7-06F6012D37A9", "versionEndIncluding": "1.0.87", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, enabling remote code execution."}, {"lang": "es", "value": "El complemento BookingPress para WordPress es vulnerable a cargas de archivos arbitrarias debido a una validaci\u00f3n insuficiente del nombre de archivo en la funci\u00f3n 'bookingpress_process_upload' en todas las versiones hasta la 1.0.87 incluida. Esto permite que un atacante autenticado con capacidades de nivel de administrador o superior cargue archivos arbitrarios en el servidor del sitio afectado, lo que permite la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2024-3022", "lastModified": "2025-03-13T01:38:18.387", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-04T02:15:07.230", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3061435/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_fileupload_class.php"}, {"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://r0ot.notion.site/BookingPress-1-0-84-Authenticated-Administrator-Arbitrary-File-Upload-lead-to-RCE-e2603371c0c14d828144e26f2fdc1d01?pvs=4"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/049ec264-3ed1-4741-937d-8a633ef0a627?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3061435/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_fileupload_class.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://r0ot.notion.site/BookingPress-1-0-84-Authenticated-Administrator-Arbitrary-File-Upload-lead-to-RCE-e2603371c0c14d828144e26f2fdc1d01?pvs=4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/049ec264-3ed1-4741-937d-8a633ef0a627?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}