The Booking Calendar | Appointment Booking | BookIt plugin for WordPress has a security issue in versions up to 2.4.4 that could allow an attacker with administrator access to extract sensitive information from the database. This is due to a lack of escaping user supplied parameters and insufficient preparation of existing SQL queries.