Documentation: Home / Vulnerabilities / Input validation vulnerability in Booking calendar, Appointment Booking System 3.2.11

Latest

Input validation vulnerability in Booking calendar, Appointment Booking System 3.2.11

Severity: high-risk
Status: Open
Publication: October 29, 2023

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to a type of attack called SQL Injection. This attack affects all versions up to, and including, 3.2.11. With this type of attack, an attacker can gain access to sensitive information from the database, if they have administrator-level access. This is possible because of insufficient escaping on the user supplied parameter and a lack of sufficient preparation on the existing SQL query.

Detected in:

Booking calendar, Appointment Booking System open vulnerable versions: >= * <= 3.2.11

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Latest

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 not found errors

Protecting site visitors with Security Headers

Hardening your website’s security

Login protection as essential security

Input validation vulnerability in Booking calendar, Appointment Booking System 3.2.11

Detected in:

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles