VulnerAlert



WORDPRESS
15-12-2025 16:14

CVE-2025-14383 Documented vulnerability

No score
Description
The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'dates_to_check' parameter in all versions up to, and including, 10.14.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References
https://plugins.trac.wordpress.org/changeset/3416518/booking/trunk/includes/_capacity/capacity.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/790f93b0-eb69-473f-a726-bfe215f5d870?source=cve

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-14383