The Booking Calendar WordPress plugin was affected by a SQL Injection security vulnerability.
gist.github.com/B0UG/a750c2c204825453e6faf898ea6d09f6
packetstormsecurity.com/files/151692/
vulners.com/exploitdb/EDB-ID:46377