Vulnerabilities > CVE-2022-1463 - Deserialization of Untrusted Data vulnerability in Booking Calendar Project Booking Calendar

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

booking-calendar-project

CWE-502

NVD

Published: 2022-05-10

Updated: 2022-05-17

Summary

The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site.

Vulnerable Configurations

Part	Description	Count
Application	Booking_Calendar_Project Booking Calendar Project Booking Calendar 0.5 Booking Calendar Project Booking Calendar 0.6 Booking Calendar Project Booking Calendar 0.7 Booking Calendar Project Booking Calendar 1.0 Booking Calendar Project Booking Calendar 1.1 Booking Calendar Project Booking Calendar 1.2 Booking Calendar Project Booking Calendar 1.3 Booking Calendar Project Booking Calendar 1.3.1 Booking Calendar Project Booking Calendar 1.3.2 Booking Calendar Project Booking Calendar 1.3.3 Booking Calendar Project Booking Calendar 1.4 Booking Calendar Project Booking Calendar 1.4.1 Booking Calendar Project Booking Calendar 1.4.2 Booking Calendar Project Booking Calendar 1.4.3 Booking Calendar Project Booking Calendar 1.4.4 Booking Calendar Project Booking Calendar 1.5 Booking Calendar Project Booking Calendar 1.5.1 Booking Calendar Project Booking Calendar 1.5.2 Booking Calendar Project Booking Calendar 1.5.3 Booking Calendar Project Booking Calendar 1.5.4 Booking Calendar Project Booking Calendar 1.5.5 Booking Calendar Project Booking Calendar 1.5.6 Booking Calendar Project Booking Calendar 1.5.7 Booking Calendar Project Booking Calendar 1.5.8 Booking Calendar Project Booking Calendar 1.6 Booking Calendar Project Booking Calendar 1.7 Booking Calendar Project Booking Calendar 1.7.1 Booking Calendar Project Booking Calendar 1.7.2 Booking Calendar Project Booking Calendar 1.7.3 Booking Calendar Project Booking Calendar 1.7.4 Booking Calendar Project Booking Calendar 1.8 Booking Calendar Project Booking Calendar 1.9 Booking Calendar Project Booking Calendar 1.9.1 Booking Calendar Project Booking Calendar 1.9.2 Booking Calendar Project Booking Calendar 1.9.3 Booking Calendar Project Booking Calendar 2.0 Booking Calendar Project Booking Calendar 2.1 Booking Calendar Project Booking Calendar 2.1.7 Booking Calendar Project Booking Calendar 2.2 Booking Calendar Project Booking Calendar 2.3 Booking Calendar Project Booking Calendar 2.4 Booking Calendar Project Booking Calendar 2.5 Booking Calendar Project Booking Calendar 2.6 Booking Calendar Project Booking Calendar 2.7 Booking Calendar Project Booking Calendar 2.8 Booking Calendar Project Booking Calendar 2.9 Booking Calendar Project Booking Calendar 3.0 Booking Calendar Project Booking Calendar 4.0 Booking Calendar Project Booking Calendar 4.0.1 Booking Calendar Project Booking Calendar 4.0.2 Booking Calendar Project Booking Calendar 4.1 Booking Calendar Project Booking Calendar 4.1.1 Booking Calendar Project Booking Calendar 4.1.2 Booking Calendar Project Booking Calendar 4.1.3 Booking Calendar Project Booking Calendar 4.1.4 Booking Calendar Project Booking Calendar 4.1.5 Booking Calendar Project Booking Calendar 4.1.6 Booking Calendar Project Booking Calendar 5.0 Booking Calendar Project Booking Calendar 5.0.1 Booking Calendar Project Booking Calendar 5.0.2 Booking Calendar Project Booking Calendar 5.0.3 Booking Calendar Project Booking Calendar 5.0.4 Booking Calendar Project Booking Calendar 5.1 Booking Calendar Project Booking Calendar 5.1.1 Booking Calendar Project Booking Calendar 5.1.2 Booking Calendar Project Booking Calendar 5.1.3 Booking Calendar Project Booking Calendar 5.1.4 Booking Calendar Project Booking Calendar 5.1.5 Booking Calendar Project Booking Calendar 5.1.6 Booking Calendar Project Booking Calendar 5.2 Booking Calendar Project Booking Calendar 5.2.1 Booking Calendar Project Booking Calendar 5.3 Booking Calendar Project Booking Calendar 5.3.1 Booking Calendar Project Booking Calendar 5.3.2 Booking Calendar Project Booking Calendar 5.4 Booking Calendar Project Booking Calendar 5.4.1 Booking Calendar Project Booking Calendar 5.4.2 Booking Calendar Project Booking Calendar 5.4.3 Booking Calendar Project Booking Calendar 5.4.4 Booking Calendar Project Booking Calendar 6.0 Booking Calendar Project Booking Calendar 6.1 Booking Calendar Project Booking Calendar 6.2 Booking Calendar Project Booking Calendar 6.2.1 Booking Calendar Project Booking Calendar 6.2.2 Booking Calendar Project Booking Calendar 7.0 Booking Calendar Project Booking Calendar 7.1 Booking Calendar Project Booking Calendar 7.1.1 Booking Calendar Project Booking Calendar 7.2 Booking Calendar Project Booking Calendar 8.0 Booking Calendar Project Booking Calendar 8.0.1 Booking Calendar Project Booking Calendar 8.1 Booking Calendar Project Booking Calendar 8.1.1 Booking Calendar Project Booking Calendar 8.1.2 Booking Calendar Project Booking Calendar 8.2 Booking Calendar Project Booking Calendar 8.3 Booking Calendar Project Booking Calendar 8.3.1 Booking Calendar Project Booking Calendar 8.3.2 Booking Calendar Project Booking Calendar 8.4 Booking Calendar Project Booking Calendar 8.4.1 Booking Calendar Project Booking Calendar 8.4.2 Booking Calendar Project Booking Calendar 8.4.3 Booking Calendar Project Booking Calendar 8.4.4 Booking Calendar Project Booking Calendar 8.4.5 Booking Calendar Project Booking Calendar 8.4.6 Booking Calendar Project Booking Calendar 8.5 Booking Calendar Project Booking Calendar 8.5.1 Booking Calendar Project Booking Calendar 8.5.1.1 Booking Calendar Project Booking Calendar 8.5.1.2 Booking Calendar Project Booking Calendar 8.6 Booking Calendar Project Booking Calendar 8.7 Booking Calendar Project Booking Calendar 8.7.1 Booking Calendar Project Booking Calendar 8.7.2 Booking Calendar Project Booking Calendar 8.7.3 Booking Calendar Project Booking Calendar 8.7.4 Booking Calendar Project Booking Calendar 8.7.5 Booking Calendar Project Booking Calendar 8.7.6 Booking Calendar Project Booking Calendar 8.7.7 Booking Calendar Project Booking Calendar 8.7.8 Booking Calendar Project Booking Calendar 8.7.9 Booking Calendar Project Booking Calendar 8.7.10 Booking Calendar Project Booking Calendar 8.8 Booking Calendar Project Booking Calendar 8.8.1 Booking Calendar Project Booking Calendar 8.8.2 Booking Calendar Project Booking Calendar 8.9 Booking Calendar Project Booking Calendar 8.9.1 Booking Calendar Project Booking Calendar 8.9.2 Booking Calendar Project Booking Calendar 8.9.3 Booking Calendar Project Booking Calendar 9.0 Booking Calendar Project Booking Calendar 9.1	129

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://www.wordfence.com/blog/2022/04/php-object-injection-in-booking-calendar-plugin/