Lucene search
K

4 matches found

NVD
NVD
added 2026/06/25 4:17 a.m.7 views

CVE-2026-2508

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00241EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 3:42 a.m.11 views

CVE-2026-2508

CVE-2026-2508 affects the Gravity Forms Booking plugin for WordPress, all versions up to and including 2.7.1. The vulnerability is a time-based SQL Injection via the 'staff_id' parameter caused by insufficient escaping and lack of proper query preparation. Authenticated attackers with Subscriber-...

6.5CVSS6AI score0.00241EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 3:42 a.m.32 views

CVE-2026-2508 Gravity Forms Booking <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection via 'staff_id'

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00241EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 3:42 a.m.8 views

EUVD-2026-39167

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS6AI score0.00241EPSS
Exploits0References3
Rows per page
Query Builder