cleantalk
Vulnerabilities and Security Researches

WP Booking Calendar, CVE-2026-32358

CVE, Research URL

CVE-2026-32358

Home page URL

Security reports for WP Booking Calendar

Application

WP Booking Calendar

Published on
Mar 14, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar: from n/a through <= 10.14.15.
Affected versions
max 10.14.15.
Status
vulnerable
Previous vulnerability researches
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2024-37447) , Jul 02, 2024
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2025-14280) , Jan 27, 2026
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2025-22300) , Jan 09, 2025
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2024-7870) , Sep 05, 2024
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2023-22700) , Jun 07, 2024
New vulnerability
SMTP Mailer (CVE-2026-32538) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2026-25362) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2026-25363) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2025-15524) , Mar 29, 2026
Photo Gallery by 10Web &#8211; Mobile-Friendly Image Gallery (CVE-2026-27360) , Mar 29, 2026