Oplugins: >> Booking Manager Security Vulnerabilities
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager.This issue affects Booking Manager: from n/a through 2.1.5.
CVSS Score
8.5
EPSS Score
0.003
Published
2023-12-28
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network.
CVSS Score
8.8
EPSS Score
0.004
Published
2023-08-16