QwikSec

Security Database

CVE

CWE

Training

CVE-2022-0739

Published: Mar 21, 2022

Modified: Aug 2, 2024

PUBLISHED

Description

The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection

Vendor	Product	Versions
Unknown	BookingPress – Appointments Booking Calendar Plugin and Online Scheduling Plugin	affected `1.0.11 - < 1.0.11`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/388cd42d-b61a-42a4-8604-99b812db2357

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset/2684789

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.