WordPress Plugin Vulnerabilities

Booking Calendar <= 6.2 - SQL Injection

Description

The Booking Calendar WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
booking
Fixed in 6.2.1

References

Exploitdb
40189
URL
https://seclists.org/fulldisclosure/2016/Aug/1
URL
https://sumofpwn.nl/advisory/2016/sql_injection_vulnerability_in_booking_calendar_wordpress_plugin.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
2644b19e-42ef-45d7-8297-37926f31f883

Timeline

Publicly Published
2016-08-01 (about 9 years ago)
Added
2016-08-01 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-09-30
Title
YITH WooCommerce Ajax Search < 2.8.1 - Unauthenticated SQL Injection
Published
2021-09-27
Title
Check & Log Email < 1.0.3 - Admin+ SQL Injections
Published
2015-03-13
Title
WooCommerce 2.3 - 2.3.5 - SQL Injection
Published
2014-09-19
Title
YAWPP < 1.2.2 - SQL Injection
Published
2025-03-13
Title
Church Admin < 5.0.19 - Unauthenticated SQL Injection