Booking Algorithms BA Book Everything SQL Injection Vulnerability
CVE-2024-32125

8.5HIGH

Key Information:

Vendor: WordPress
Status: Ba Book Everything
Vendor: CVE Published:; 15 April 2024

Summary

A SQL Injection vulnerability exists in the BA Book Everything plugin developed by Booking Algorithms, affecting versions up to 1.6.4. This vulnerability arises from improper neutralization of special elements within SQL commands, allowing an attacker to execute arbitrary SQL queries. Successful exploitation could lead to unauthorized access to sensitive data in the underlying database, posing significant security risks. Users are advised to update their installations to mitigate potential threats.

Affected Version(s)

BA Book Everything <= 1.6.4

References

https://patchstack.com/database/vulnerability/ba-book-eve...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2024
Vulnerability Reserved
Apr 11, 2024

Credit

Thanh Nam Tran (Patchstack Alliance)