CRITICAL Vulnerability
Verified
Global

NVD CRITICAL: CVE-2026-6960 — The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file upload...

Source: NIST NVD

Executive Summary

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulne

Analysis

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability can only be exploited if a signature custom field is added to the booking form. CVSS Score: 9.8. Published: 2026-05-21T22:16:48.643.

Indicators of Compromise (1)

CVE (1)
CVE-2026-6960

Source Attribution

Originally published by NIST NVD on May 21, 2026. Verified by: NIST.
