WordPress WP Simple Booking Calendar plugin <= 2.0.6 - Authenticated SQL Injection (SQLi) vulnerability

2021-09-1000:00:00

Martin Vierula (Trustwave)

patchstack.com

wordpress

wp simple booking calendar

2.0.6

authenticated

sql injection

trustwave

EPSS

0.001

Percentile

44.5%

JSON

Authenticated SQL Injection (SQLi) vulnerability discovered by Martin Vierula (Trustwave) in WordPress WP Simple Booking Calendar plugin (versions <= 2.0.6).

Solution

           Update the WordPress WP Simple Booking Calendar plugin to the latest available version (at least 2.0.7).

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24726

wordpress.org/plugins/wp-simple-booking-calendar/#developers

www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29176

EPSS

0.001

Percentile

44.5%

JSON

Related for PATCHSTACK:27F9F07D5CAA27ECD05C1D8D5F0E2379