Roninwp FAT Services Booking vulnerable to SQL Injection
CVE-2024-54221

9.3 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 5 December 2024

What is CVE-2024-54221?

The vulnerability in the Roninwp FAT Services Booking plugin arises from improper neutralization of special elements used in SQL commands, giving rise to an SQL Injection attack vector. The flaw allows an unauthenticated attacker to craft malicious SQL queries that manipulate the database, potentially exposing sensitive information or compromising the integrity of the web application. All versions of the plugin up to and including 5.6 are affected, so users should update their installations to mitigate the risk associated with this vulnerability.

Affected Version(s)

FAT Services Booking <= 5.6

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

Credit

Dave Jong (Patchstack)