cleantalk
Vulnerabilities and Security Researches

WP Simple Booking Calendar, CVE-2021-24726

CVE, Research URL

CVE-2021-24726

Home page URL

Security reports for WP Simple Booking Calendar

Application

WP Simple Booking Calendar

Published on
Sep 13, 2021
Research Description
The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue
Affected versions
Min -, max 2.0.7.
Status
vulnerable
Previous vulnerability researches
WP Simple Booking Calendar (CVE-2025-39541) , Apr 20, 2025
WP Simple Booking Calendar (CVE-2023-51525) , Jun 06, 2024
WP Simple Booking Calendar (CVE-2021-24726) , Jun 06, 2024
WP Simple Booking Calendar (CVE-2024-8663) , Sep 14, 2024
New vulnerability
SB Chart block (CVE-2025-3661) , Apr 20, 2025
Themesflat Addons For Elementor (CVE-2025-3275) , Apr 20, 2025
WP Simple Booking Calendar (CVE-2025-39541) , Apr 20, 2025
WordPress Job Board and Recruitment Plugin – JobWP (CVE-2025-2010) , Apr 20, 2025
WP Logger (CVE-2025-39456) , Apr 20, 2025