CVE-2022-47428

MEDIUM

WpDevArt Booking calendar, Appointment Booking System <= 3.2.7 - SQL Injection

Title source: llm
STIX 2.1

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7.

Scores

CVSS v3 6.7
EPSS 0.0067
EPSS Percentile 47.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (3)
wpdevart/Booking calendar, Appointment Booking System < 3.2.7
WpDevArt/Booking calendar, Appointment Booking System < 3.2.7
wpdevart/booking_calendar < 3.2.8
Published Nov 06, 2023
Tracked Since Feb 18, 2026