SQL Injection Vulnerability in WP Booking System Plugin by WordPress
CVE-2019-12239
7.2 HIGH
What is CVE-2019-12239?
The WP Booking System plugin version 1.5.1 for WordPress lacks adequate Cross-Site Request Forgery (CSRF) protection, thereby exposing it to potential SQL injection vulnerabilities. Attackers with administrative access can exploit this flaw, leading to unauthorized database manipulation and data leakage, significantly compromising the security of the WordPress site. Administrators should promptly update the plugin and implement security measures to mitigate this risk.