5 matches found
CVE-2022-1006
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks...
CVE-2022-1006
creationtimestamp| type| source ---|---|--- 2022-04-11 18:16:01+00:00| seen| https://t.me/cibsecurity/40465 2025-07-22 21:02:22+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lulfobj37z2f 2025-11-12 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabiliti...
CVE-2022-1006
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks...
CVE-2022-1006
CVE-2022-1006 affects the WordPress plugin Advanced Booking Calendar prior to version 1.7.1. The vulnerability stems from the plugin not sanitising or escaping the id parameter when editing calendars, enabling high-privilege users (e.g., admins) to perform SQL injection. The issue is documented a...
CVE-2022-1006 Advanced Booking Calendar < 1.7.1 - Admin+ SQLi
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks...