CVE-2021-24726

CVE-2021-24726: WP Simple Booking Calendar <= 2.0.6 (before 07/12/2021) - Authenticated SQL Injection

Vendor Unknown

Product WP Simple Booking Calendar

Weakness CWE-89 · SQLi

Published September 13, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue

Key dates

02Disclosure timeline

September 13, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24726 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2024-4808 Kashipara College Management System delete_faculty.php sql injection CVE-2025-15181 code-projects Refugee Food Management System pagenateRefugeesList.php sql injection CVE-2022-4259 Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2 CVE-2021-24132 Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection CVE-2026-1121 Yonyou KSOA HTTP GET Parameter del_workplan.jsp sql injection