CVE-2023-4691

State: PUBLISHED · Published: 2023-10-16 · Updated: 2025-04-23 · Assigner: WPScan

Description

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

CWE

(none)

Affected

Unknown / WordPress Online Booking and Scheduling Plugin — v=0 <22.4 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/5085ec75-0795-4004-955d-e71b3d2c26c6 exploit, vdb-entry, technical-description

Source

cvelistV5-main/cves/2023/4xxx/CVE-2023-4691.json