WordPress Plugin Vulnerabilities

Pinpoint Booking System <= 2.0 - Authenticated Blind SQL Injection

Description

The Pinpoint Booking System – #1 WordPress Booking Plugin WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
booking-system
Fixed in 2.1

References

CVE
CVE-2015-9460
URL
http://cinu.pl/research/wp-plugins/mail_dad9a09a6290ae952bfd97010583bdbd.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.8 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
2dffadda-6452-400f-93a0-6e91ab642614

Timeline

Publicly Published
2015-07-07 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-06-11
Title
Dokan Pro < 3.11.0 - Unauthenticated SQL Injection
Published
2024-12-24
Title
WP Data Access – App, Table, Form and Chart Builder plugin < 5.5.23 - Unauthenticated SQL Injection
Published
2014-08-01
Title
Google Analytics Dashboard 2.0.4 - gad-admin-pages-posts.php pid Parameter SQL Injection
Published
2022-05-30
Title
Events Made Easy < 2.2.81 - Unauthenticated SQLi
Published
2022-12-12
Title
Web Invoice <= 2.1.3 - Authenticated SQLi