Vulnerabilities > Wpbookingcalendar > Booking Calendar > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2024-1207 | SQL Injection vulnerability in Wpbookingcalendar Booking Calendar The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |