WordPress Plugin Vulnerabilities

Appointment Booking Calendar < 1.1.25 - Unauthenticated SQL Injection

Description

The Appointment Booking Calendar WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
appointment-booking-calendar
Fixed in 1.1.25

References

Exploitdb
39342
URL
http://wordpress.dwbooster.com/calendars/booking-calendar-contact-form

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.4 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
54057368-b2bd-4915-a77a-ca867f851c49

Timeline

Publicly Published
2016-01-27 (about 8 years ago)
Added
2016-01-28 (about 8 years ago)
Last Updated
2020-08-10 (about 3 years ago)

Other

Published
Title
Published
2023-02-06
Title
My Sticky Elements < 2.0.9 - Admin+ SQLi
Published
2024-02-16
Title
Piraeus Bank WooCommerce Payment Gateway < 1.7.0 - Unauthenticated SQL Injection
Published
2015-07-08
Title
Pretty Link Lite <= 1.6.7 - Authenticated SQL Injection
Published
2018-09-05
Title
Image Intense <= 3.2.5 - Authenticated SQL Injection in shortcodes
Published
2024-04-12
Title
Disable Comments | WPZest <= 1.51 - Authenticated (Administrator+) SQL Injection