CVE-2022-0658

The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection...

WordPress plugin SQL注入漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. SQL injection vulnerability exists in versions of the WordPress CommonsBooking plugin prior to 2.6.8, which stems from the CommonsBooking plug...