Description
WordPress Plugin Appointment Booking Calendar and Online Scheduling-BookingPress is prone to an arbitrary file creation vulnerability. Exploiting this issue may allow attackers to create arbitrary files populated with content of files from local or remote sources, allowing the execution of any PHP code in those files, or the exposure of sensitive information. WordPress Plugin Appointment Booking Calendar and Online Scheduling-BookingPress version 1.1.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.1.6 or latest
References
Related Vulnerabilities
WordPress Plugin SI CAPTCHA Anti-Spam Cross-Site Scripting (2.7.5)
Joomla CVE-2019-12764 Vulnerability (CVE-2019-12764)
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.17)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14820)
WordPress Plugin WP Limit Login Attempts Security Bypass (2.6.4)