WordPress Plugin Vulnerabilities

CP Reservation Calendar <= 1.1.6 - Unauthenticated SQL Injection

Description

The CP Reservation Calendar WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
cp-reservation-calendar
Fixed in 1.1.7

References

CVE
CVE-2015-7235
Exploitdb
38187

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
83a0ccf5-501d-4d85-a36b-0fdebc8d09a7

Timeline

Publicly Published
2015-09-15 (about 10 years ago)
Added
2015-09-18 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2024-06-28
Title
PayPlus Payment Gateway < 6.6.9 - Unauthenticated SQLi
Published
2025-05-16
Title
Magic Responsive Slider and Carousel WordPress < 1.6 - Authenticated (Contributor+) SQL Injection
Published
2022-03-21
Title
Advanced Booking Calendar < 1.7.1 - Admin+ SQLi
Published
2025-10-14
Title
onOffice for WP-Websites < 6.10 - Authenticated (Editor+) SQL Injection
Published
2021-09-16
Title
Buddyboss Platform < 1.7.9 - Subscriber+ SQL Injection