Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin 1.0.72

  • Severity: high-risk
  • Status: Open
  • Publication: December 21, 2023

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin for WordPress is vulnerable to a type of attack called SQL Injection. This type of attack makes it possible for people who have access to the plugin, such as contributors, to extract sensitive information from the database. This vulnerability exists in all versions of the plugin up to and including version 1.0.72 and is due to a parameter not being properly secured and an existing SQL query not being properly prepared.

Detected in:

Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress fixed vulnerable versions:
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress fixed vulnerable versions:
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin open vulnerable versions: >= * <= 1.0.72

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.