CVE-2023-6219 – The BookingPress WordPress plugin up to version... (How to Fix)

Q: What is the severity of CVE-2023-6219?

CVE-2023-6219 has a CVSS score of 7.2 (HIGH). The BookingPress WordPress plugin up to version 1.0.76 contains an arbitrary file upload vulnerability in the 'bookingpress_process_upload' function due to insufficient file validation. This allows authenticated attackers with administrator-level privileges to upload malicious files to the server, potentially leading to remote code execution. WordPress sites using vulnerable versions of the BookingPress plugin are affected.

📋 TL;DR

The BookingPress WordPress plugin up to version 1.0.76 contains an arbitrary file upload vulnerability in the 'bookingpress_process_upload' function due to insufficient file validation. This allows authenticated attackers with administrator-level privileges to upload malicious files to the server, potentially leading to remote code execution. WordPress sites using vulnerable versions of the BookingPress plugin are affected.

💻 Affected Systems

Products:

BookingPress Appointment Booking WordPress Plugin

Versions: Up to and including 1.0.76

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires attacker to have administrator-level WordPress user account. All WordPress installations with vulnerable plugin versions are affected regardless of underlying OS.

📦 What is this software?

Bookingpress by Reputeinfosystems

View all CVEs affecting Bookingpress →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise via remote code execution, allowing attackers to install backdoors, steal data, deface websites, or pivot to other systems.

🟠

Likely Case

Website defacement, data theft, or installation of malware/backdoors on the compromised WordPress site.

🟢

If Mitigated

Limited impact if proper file upload restrictions and server hardening are in place, though the vulnerability still provides unauthorized file upload capability.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires administrator credentials but is technically simple once authenticated. Multiple public references demonstrate the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.77 and later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3001484/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_fileupload_class.php

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find BookingPress Appointment Booking. 4. Click 'Update Now' if available. 5. Alternatively, download version 1.0.77+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Disable BookingPress Plugin

all

Temporarily disable the vulnerable plugin until patched

wp plugin deactivate bookingpress-appointment-booking

Restrict File Uploads via .htaccess

linux

Block PHP file execution in upload directories

Add to .htaccess in wp-content/uploads: <Files *.php> deny from all </Files>

🧯 If You Can't Patch

Remove administrator accounts that are not absolutely necessary
Implement web application firewall rules to block suspicious file upload patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → BookingPress version. If version is 1.0.76 or lower, you are vulnerable.

Check Version:

wp plugin get bookingpress-appointment-booking --field=version

Verify Fix Applied:

Verify BookingPress plugin version is 1.0.77 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

Unusual file uploads to wp-content/uploads via bookingpress_process_upload
PHP file creation in upload directories by admin users
Multiple failed upload attempts with unusual file extensions

Network Indicators:

POST requests to /wp-admin/admin-ajax.php with action=bookingpress_process_upload containing executable files

SIEM Query:

source="wordpress.log" AND "bookingpress_process_upload" AND ("php" OR "exe" OR "phtml" OR file_extension IN (php, exe, phtml, jsp))

📊 Metadata

CVE ID: CVE-2023-6219

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-434

Published: November 28, 2023

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-6219, you might also want to check these: