cleantalk
Vulnerabilities and Security Researches

WP Booking Calendar, CVE-2026-32358

CVE, Research URL

CVE-2026-32358

Home page URL

Security reports for WP Booking Calendar

Application

WP Booking Calendar

Published on
Mar 14, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar: from n/a through <= 10.14.15.
Affected versions
max 10.14.15.
Status
vulnerable
Previous vulnerability researches
SiteGuard WP Plugin (CVE-2024-37881) , Jun 21, 2024
SiteGuard WP Plugin (CVE-2026-27411) , Mar 29, 2026
SiteGuard WP Plugin , Jun 28, 2025
New vulnerability
SMTP Mailer (CVE-2026-32538) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2026-25362) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2026-25363) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2025-15524) , Mar 29, 2026
Photo Gallery by 10Web &#8211; Mobile-Friendly Image Gallery (CVE-2026-27360) , Mar 29, 2026