Critical severity9.8NVD Advisory· Published Mar 14, 2022· Updated Jun 17, 2026
CVE-2022-0658
CVE-2022-0658
Description
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/CommonsBooking WordPress plugindescription
- Range: <2.6.8
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/d7f0805a-61ce-454a-96fb-5ecacd767578nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.