Input validation vulnerability in Booking calendar, Appointment Booking System 3.2.9

The Booking Calendar plugin for WordPress is vulnerable to SQL injection. The plugin’s search function, if exploited, allows users with certain privileges on the website to access sensitive information stored in the database. Versions of this plugin up to and including 3.2.8 are vulnerable because of how they escape user-supplied parameters and because the existing SQL query is not prepared. Administrators can give access to the plugin’s administrative pages to any user role, which means other roles may be able to exploit the vulnerability if they have been given access.

Detected in:

Booking calendar, Appointment Booking System open vulnerable versions: >= * < 3.2.9

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community.

Version compare shows which versions have a vulnerability. For example, ">= 2.2.8 <= 2.2.21" means:

">" means from 2.2.8
"=" means including 2.2.8 and 2.2.21
"<" means to 2.2.21
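To check an installed plugin version against a range written in this notation, the following added example (not code from wpvulnerability.com or the plugin) parses the range and compares versions numerically, so that 3.2.10 is not mistaken for a version below 3.2.9. The function names are hypothetical; it assumes "*" means no bound on that side and that versions are plain dotted numbers.

```python
import re

# One constraint: an operator followed by a dotted version or the '*' wildcard.
CONSTRAINT_RE = re.compile(r"(>=|<=|>|<|=)\s*(\*|\d+(?:\.\d+)*)")

# Each operator as a test on the sign of compare(installed, bound).
OPS = {
    ">=": lambda c: c >= 0,
    "<=": lambda c: c <= 0,
    ">": lambda c: c > 0,
    "<": lambda c: c < 0,
    "=": lambda c: c == 0,
}

def parse_version(text):
    """'3.2.10' -> (3, 2, 10). Assumes plain dotted numeric versions."""
    match = re.fullmatch(r"\s*(\d+(?:\.\d+)*)\s*", text)
    if not match:
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))

def compare(a, b):
    """Return -1, 0 or 1, padding the shorter version with zeros (3.2 == 3.2.0)."""
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return (a > b) - (a < b)

def parse_range(expr):
    """'>= * < 3.2.9' -> [('>=', None), ('<', (3, 2, 9))]; None means unbounded."""
    found = CONSTRAINT_RE.findall(expr)
    if not found:
        raise ValueError(f"no constraints in range: {expr!r}")
    return [(op, None if ver == "*" else parse_version(ver)) for op, ver in found]

def is_affected(installed, expr):
    """True when the installed version satisfies every constraint in the range."""
    version = parse_version(installed)
    return all(
        bound is None or OPS[op](compare(version, bound))
        for op, bound in parse_range(expr)
    )

if __name__ == "__main__":
    # Constructed installed versions, checked against the range listed on this page.
    for v in ("3.2.8", "3.2.9", "3.2.10", "3.2"):
        print(v, is_affected(v, ">= * < 3.2.9"))
```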
