WordPress Booking Calendar plugin <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check vulnerability

Unauthenticated SQL Injection via datestocheck vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin Booking Calendar versions = 10.14.8...

CVE-2025-14383

The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'datestocheck' parameter in all versions up to, and including, 10.14.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-14383

CVE-2025-14383 : Booking Calendar for WordPress is vulnerable to unauthenticated time-based SQL Injection via the dates_to_check parameter in all versions up to 10.14.8 due to insufficient escaping in user input and query construction. This can allow extraction of sensitive data from the database...

CVE-2025-14383 Booking Calendar <= 10.14.8 - Unauthenticated SQL Injection via dates_to_check

The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'datestocheck' parameter in all versions up to, and including, 10.14.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...