Booking Algorithms BA Book Everything SQL Injection Vulnerability
CVE-2024-32125

8.8HIGH

Key Information:

Vendor: WordPress
Status: Ba Book Everything
Vendor: CVE Published:; 15 April 2024

Summary

A SQL Injection vulnerability exists in the BA Book Everything plugin developed by Booking Algorithms, affecting versions up to 1.6.4. This vulnerability arises from improper neutralization of special elements within SQL commands, allowing an attacker to execute arbitrary SQL queries. Successful exploitation could lead to unauthorized access to sensitive data in the underlying database, posing significant security risks. Users are advised to update their installations to mitigate potential threats.

Affected Version(s)

BA Book Everything <= 1.6.4

References

https://patchstack.com/database/vulnerability/ba-book-eve...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2024
Vulnerability Reserved
Apr 11, 2024

Credit

Thanh Nam Tran (Patchstack Alliance)