High severity8.8NVD Advisory· Published Aug 23, 2021· Updated Jun 17, 2026
CVE-2021-24555
CVE-2021-24555
Description
The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the ajax action is lacking any CSRF and capability check, making it available to any authenticated user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
2- codevigilant.com/disclosure/2021/wp-plugin-diary-availability-calendar/nvdExploitThird Party Advisory
- wpscan.com/vulnerability/8eafd84b-6214-450b-869b-0afe7cca4c5fnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.