← Back

Diary Availability Calendar

diary-availability-calendar

Vendor: Roosty • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-24555
1Roosty
1Diary Availability Calendar
Jun 17, 2026
Aug 23, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to...Show more
The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the ajax action is lacking any CSRF and capability check, making it available to any authenticated user.Show less