CyberSecurity updates
Updated: 2024-10-10 06:03:22 Pacific


WordPress Plugin Vulnerability: Arbitrary File Upload in WP Hotel Booking - 8d

The WP Hotel Booking WordPress plugin, with over 8,000 active installations, was found to be vulnerable to arbitrary file uploads due to missing file type validation. This critical vulnerability allows authenticated attackers with subscriber-level access to upload malicious files, potentially leading to remote code execution and complete website takeover. Wordfence detected and reported this vulnerability, earning the researcher a bounty of $488. The ThimPress team, the plugin developer, has released a patch in version 2.1.3, and users are urged to update to it immediately.