SQL Injection Vulnerability in Court Reservation Plugin for WordPress
CVE-2026-1250

7.5HIGH

Key Information:

Vendor: WordPress
Status: Court Reservation – Manage Your Court Bookings Online
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-1250?

The Court Reservation – Manage Your Court Bookings Online plugin for WordPress suffers from a SQL injection flaw due to insufficient escaping of user input in the 'id' parameter. This vulnerability allows unauthenticated attackers to manipulate SQL queries, enabling the potential retrieval of sensitive information from the database. All versions up to and including 1.10.11 are impacted, highlighting the need for prompt action to safeguard against data breaches.

Affected Version(s)

Court Reservation – Manage Your Court Bookings Online 0 <= 1.10.11

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/court-reservat...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Jan 20, 2026

Credit

MD. TAREQ AHAMED JONY

CVE-2026-1250 Data

JSON