The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCECreditscydaveReferenceshttps://wpscan.com/vulnerability/4d91f3e1-4de9-46c1-b5ba-cc55b7726867
