JVN#18739672: WordPress plugin "Booking Calendar" vulnerable to directory traversal

2017-04-20T00:00:00
ID JVN:18739672
Type jvn
Reporter Japan Vulnerability Notes
Modified 2017-04-20T00:00:00

Description

## Description

The WordPress plugin "Booking Calendar" provided by wpdevelop contains a directory traversal vulnerability (CWE-22).

## Impact

A local file outside of the application on the server may be accessed by a remote attacker.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • Booking Calendar version 7.0 and earlier