WP Simple Booking Calendar <= 2.0.6 (before 07/12/2021) - Authenticated SQL Injection
CVE-2021-24726
8.8HIGH
What is CVE-2021-24726?
The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue
Affected Version(s)
WP Simple Booking Calendar 2.0.6