2 matches found
CVE-2022-1463
The CVE-2022-1463 is tied to the WordPress Booking Calendar plugin (≤ 9.1). The vulnerability is an insecure deserialization/PHP Object Injection via the [bookingflextimeline] shortcode, allowing an attacker with subscriber-level privileges or higher to trigger arbitrary PHP object instantiation ...
PHP Object Injection Vulnerability in Booking Calendar Plugin
On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress, which has over 60,000 installations. We received a response the same day and sent over our full disclosure ear...