Vulnerabilities > CVE-2021-24726 - Unspecified vulnerability in Wpsimplebookingcalendar WP Simple Booking Calendar

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
wpsimplebookingcalendar
NVD
Published: 2021-09-13
Updated: 2024-11-21

Summary

The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue

Vulnerable Configurations

Part Description Count
Application
Wpsimplebookingcalendar
18

References