Authenticated SQL Injection (SQLi) vulnerability discovered by Martin Vierula (Trustwave) in WordPress WP Simple Booking Calendar plugin (versions <= 2.0.6).
Update the WordPress WP Simple Booking Calendar plugin to the latest available version (at least 2.0.7).