CVE-2022-0739

CRITICAL

Wordpress BookingPress bookingpress_front_get_category_services SQLi

Title source: metasploit

Exploitation Summary

EIP tracks 10 public exploits for CVE-2022-0739. PoCs published by destr4ct, BKreisel, viardant, including Metasploit module auxiliary/gather/wp_bookingpress_category_services_sqli.

AI-analyzed exploit summary: This PoC exploits a SQL injection vulnerability in BookingPress before 1.0.11 via the 'bookingpress_front_get_category_services' action in WordPress admin-ajax.php. It extracts database version and user credentials (login, email, password hash) using a UNION-based SQLi attack.

Description

The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user-supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection.

Exploits (10)

nomisec · Working PoC · 12 stars
by destr4ct · poc
https://github.com/destr4ct/CVE-2022-0739

This PoC exploits a SQL injection vulnerability in BookingPress before 1.0.11 via the 'bookingpress_front_get_category_services' action in WordPress admin-ajax.php. It extracts database version and user credentials (login, email, password hash) using a UNION-based SQLi attack.

Classification: Working PoC (95%)
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: BookingPress WordPress plugin < 1.0.11
Authentication: none needed
Prerequisites: WordPress site with vulnerable BookingPress plugin · Valid nonce value
Analyzed by devstral-2 on Feb 16, 2026
nomisec · Working PoC · 11 stars
by BKreisel · poc
https://github.com/BKreisel/CVE-2022-0739

This is a functional Python PoC exploit for CVE-2022-0739, targeting a SQL injection vulnerability in the WordPress BookingPress plugin. It supports database metadata lookup, credential dumping, and blind SQL injection.

Classification: Working PoC (95%)
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WordPress BookingPress Plugin < 1.0.11
Authentication: none needed
Prerequisites: Target URL with BookingPress widget · Network access to the vulnerable endpoint
Analyzed by devstral-2 on Feb 16, 2026
nomisec · Working PoC · 4 stars
by viardant · poc
https://github.com/viardant/CVE-2022-0739

This repository contains a Python-based SQL injection exploit for CVE-2022-0739, targeting the BookingPress WordPress plugin. The PoC automates the extraction of database information, including user credentials and schema dumps, by leveraging a vulnerable AJAX endpoint.

Classification: Working PoC (95%)
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: BookingPress WordPress plugin (version 1.0.10)
Authentication: none needed
Prerequisites: Access to a vulnerable BookingPress plugin endpoint · Valid nonce (automatically extracted if URL provided)
Analyzed by devstral-2 on Feb 16, 2026
nomisec · Working PoC · 4 stars
by Chris01s · poc
https://github.com/Chris01s/CVE-2022-0739

This is a functional SQL injection exploit for BookingPress before 1.0.11 (CVE-2022-0739). It extracts database names and user credentials by leveraging a vulnerable AJAX endpoint with a crafted UNION-based SQLi payload.

Classification: Working PoC (95%)
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: BookingPress WordPress plugin < 1.0.11
Authentication: none needed
Prerequisites: Target URL with BookingPress plugin installed · Access to the vulnerable AJAX endpoint
Analyzed by devstral-2 on Feb 16, 2026
nomisec · Writeup
by Manjen1218 · poc
https://github.com/Manjen1218/CVE-2022-0739-Exploitation

This repository contains a writeup describing the exploitation of CVE-2022-0739, an unauthenticated SQL Injection vulnerability in the BookingPress WordPress plugin before 1.0.11. The vulnerability arises from improper sanitization of user-supplied POST data in the bookingpress_front_get_category_services AJAX action.

Classification: Writeup (90%)
Attack type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: BookingPress WordPress plugin < 1.0.11
Authentication: none needed
Prerequisites: WordPress site with vulnerable BookingPress plugin installed
Analyzed by devstral-2 on Feb 16, 2026
nomisec · Working PoC
by lhamouche · poc
https://github.com/lhamouche/Bash-exploit-for-CVE-2022-0739

This is a functional Bash exploit for CVE-2022-0739, targeting an unauthenticated SQL injection vulnerability in BookingPress < 1.0.11. It extracts user credentials from the WordPress database via a crafted AJAX request.

Classification: Working PoC (95%)
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: BookingPress < 1.0.11
Authentication: none needed
Prerequisites: Target must be running BookingPress < 1.0.11 · WordPress installation must be accessible
Analyzed by devstral-2 on Feb 16, 2026
nomisec · Working PoC
by ElGanz0 · poc
https://github.com/ElGanz0/CVE-2022-0739

This Go-based PoC exploits an unauthenticated SQL injection in BookingPress < 1.0.11 via the `bookingpress_front_get_category_services` AJAX action. It extracts user data from the `wp_users` table using a UNION-based SQLi payload.

Classification: Working PoC (95%)
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: BookingPress WordPress plugin < 1.0.11
Authentication: none needed
Prerequisites: Target must have BookingPress plugin < 1.0.11 installed · AJAX endpoint must be accessible
Analyzed by devstral-2 on Feb 16, 2026
nomisec · Working PoC
by G01d3nW01f · poc
https://github.com/G01d3nW01f/CVE-2022-0739

This is a functional exploit for CVE-2022-0739, targeting a SQL injection vulnerability in the BookingPress WordPress plugin before version 1.0.11. It extracts user credentials (usernames, emails, and password hashes) via a UNION-based SQLi attack.

Classification: Working PoC (95%)
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: BookingPress WordPress Plugin < 1.0.11
Authentication: none needed
Prerequisites: WordPress site with vulnerable BookingPress plugin · Valid nonce value for unauthenticated exploitation
Analyzed by devstral-2 on Feb 16, 2026
nomisec · Working PoC
by hadrian3689 · poc
https://github.com/hadrian3689/wp_bookingpress_1.0.11

This is a functional Python script demonstrating an unauthenticated SQL injection vulnerability in the WordPress BookingPress plugin. It exploits a vulnerable parameter to extract user credentials from the database.

Classification: Working PoC (95%)
Attack type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: WordPress BookingPress Plugin < 1.0.11
Authentication: none needed
Prerequisites: Target URL · Valid WordPress nonce value
Analyzed by devstral-2 on Feb 16, 2026
metasploit · Working PoC
by cydave, destr4ct, jheysel-r7 · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/wp_bookingpress_category_services_sqli.rb

This Metasploit module exploits an SQL injection vulnerability in the BookingPress WordPress plugin (CVE-2022-0739) by injecting malicious SQL payloads into the `total_service` parameter of the `bookingpress_front_get_category_services` AJAX action. It dumps WordPress user credentials, including usernames, emails, and password hashes.

Classification: Working PoC (100%)
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: BookingPress WordPress plugin before 1.0.11
Authentication: none needed
Prerequisites: Target must have the vulnerable BookingPress plugin installed and accessible · AJAX endpoint must be reachable
Analyzed by devstral-2 on Feb 16, 2026

References (2)

Core references:
Exploit, Third Party Advisory (x_refsource_misc): https://wpscan.com/vulnerability/388cd42d-b61a-42a4-8604-99b812db2357
Patch, Third Party Advisory (x_refsource_confirm): https://plugins.trac.wordpress.org/changeset/2684789

Scores

CVSS v3 9.8
EPSS 0.3717
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
reputeinfosystems/bookingpress < 1.0.11
Published Mar 21, 2022
Tracked Since Feb 18, 2026