cleantalk
Vulnerabilities and Security Researches

WP Booking Calendar, CVE-2018-20556

CVE, Research URL

CVE-2018-20556

Home page URL

Security reports for WP Booking Calendar

Application

WP Booking Calendar

Published on
Mar 21, 2019
Research Description
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter.
Affected versions
Min -, max 8.4.5.15.
Status
vulnerable
Previous vulnerability researches
Booking Weir (2e61817c8a383fba887267b21f5423e453a335d3) , Jun 07, 2024
Booking Calendar – Clockwork SMS (CVE-2017-17780) , Jun 07, 2024
Booking Calendar – Clockwork SMS (CVE-2017-18555) , Jun 07, 2024
WP Booking (CVE-2024-35297) , Jun 07, 2024
Simple Booking – Widget (CVE-2024-54433) , Dec 18, 2024
New vulnerability
CYAN Backup (CVE-2024-9663) , May 19, 2025
CYAN Backup (CVE-2024-9662) , May 19, 2025
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2024-6708) , May 19, 2025
Maspik – Spam Blacklist (CVE-2024-9182) , May 19, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2024-8426) , May 19, 2025