{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T20:32:55.659","vulnerabilities":[{"cve":{"id":"CVE-2024-6467","sourceIdentifier":"security@wordfence.com","published":"2024-07-17T07:15:03.493","lastModified":"2026-04-08T19:22:09.090","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files that contain the content of files (either on the local server or from a remote location), allowing the execution of any PHP code in those files or the exposure of sensitive information."},{"lang":"es","value":"El complemento BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin para WordPress es vulnerable a la lectura de archivos arbitrarios y la creación de archivos arbitrarios en todas las versiones hasta la 1.1.5 incluida a través de la función 'bookingpress_save_lite_wizard_settings_func'. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, creen archivos arbitrarios que contengan el contenido de archivos en el servidor, permitiendo la ejecución de cualquier código PHP en esos archivos o la exposición de información confidencial."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-73"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:reputeinfosystems:bookingpress:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.1.6","matchCriteriaId":"A8CF2DD1-8A61-44C8-9AC4-F0AE958530BE"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3116857/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress.php","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d0177510-cd7d-4cc5-96c3-78433aa0e3f6?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://plugins.trac.wordpress.org/changeset/3116857/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d0177510-cd7d-4cc5-96c3-78433aa0e3f6?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}