← Back

CVE-2022-1006

nvd nist
Published: Apr 11, 2022Modified: Jun 17, 2026

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks

Affected (1)

1 product
Advanced Booking Calendar
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Before 1.7.1

References (4)

Source: contact@wpscan.com
PatchThird Party Advisory
Source: contact@wpscan.com
ExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchThird Party Advisory

Timeline

No history available yet.