Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:18 p.m.7 views

CVE-2022-1006

The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks...

7.2CVSS7.6AI score0.01461EPSS
Exploits2References1
Circl
Circl
added 2022/04/11 6:16 p.m.23 views

CVE-2022-1006

creationtimestamp| type| source ---|---|--- 2022-04-11 18:16:01+00:00| seen| https://t.me/cibsecurity/40465 2025-07-22 21:02:22+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lulfobj37z2f 2025-11-12 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabiliti...

7.2CVSS7AI score0.01461EPSS
In wildExploits2References5
OSV
OSV
added 2022/04/11 3:15 p.m.4 views

CVE-2022-1006

The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks...

7.2CVSS5.8AI score0.01461EPSS
Exploits2References2
CVE
CVE
added 2022/04/11 2:41 p.m.81 views

CVE-2022-1006

CVE-2022-1006 affects the WordPress plugin Advanced Booking Calendar prior to version 1.7.1. The vulnerability stems from the plugin not sanitising or escaping the id parameter when editing calendars, enabling high-privilege users (e.g., admins) to perform SQL injection. The issue is documented a...

7.2CVSS7.2AI score0.01461EPSS
In wildExploits2References2Affected Software1
Cvelist
Cvelist
added 2022/04/11 2:41 p.m.19 views

CVE-2022-1006 Advanced Booking Calendar < 1.7.1 - Admin+ SQLi

The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks...

7.5AI score0.01461EPSS
Exploits2References2
Rows per page
Query Builder