Arbitrary SQL Command Execution in Appointment Booking Calendar Plugin

Arbitrary SQL Command Execution in Appointment Booking Calendar Plugin

CVE-2015-7319 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.

Learn more about our Wordpress Pen Testing.