WordPress Plugin Vulnerabilities
Booking Calendar WpDevArt < 3.2.12 - Admin+ SQLi
Description
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Affects Plugins
References
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-10-29 (about 6 months ago)
Added
2023-12-29 (about 4 months ago)
Last Updated
2023-12-29 (about 4 months ago)