WordPress Gravity Bookings plugin <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection vulnerability

Authenticated Subscriber+ Time-Based SQL Injection vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Gravity Forms Bookings premium versions = 2.7.1...

CVE-2026-1719

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

EUVD-2026-27548

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

CVE-2026-1719

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

WordPress Gravity Bookings plugin <= 2.5.9 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Gravity Forms Bookings premium versions = 2.5.9...

CVE-2026-1719

CVE-2026-1719 concerns the Gravity Bookings Premium WordPress plugin. Affected: Gravity Bookings Premium plugin for WordPress (versions up to and including 2.5.9). Issue: SQL Injection due to insufficient escaping of user-supplied input and inadequate preparation of the existing SQL query, enabli...

CVE-2026-1719 Gravity Bookings <= 2.5.9 - Unauthenticated SQL Injection via 'category_id' Parameter

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

CVE-2026-1719

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

CVE-2026-1719 Gravity Bookings <= 2.5.9 - Unauthenticated SQL Injection via 'category_id' Parameter

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

WordPress plugin Gravity Bookings Premium SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-37435

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...