This WordPress CP Reservation Calendar plugin is prone to an SQL injection via dex_reservations.php. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database.
Upgrade the plugin.