On August 3rd, 2024, we received a submission for an Arbitrary File Upload vulnerability in WP Hotel Booking, a WordPress plugin with more than 8,000 active installations. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for a complete site takeover.
The post 8,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in WP Hotel Booking WordPress Plugin appeared first on Wordfence.
This article has been indexed from Blog – Wordfence