CVE-2016-20068

WordPress · Booking Calendar

A security vulnerability exists in the WordPress Booking Calendar Contact Form plugin that may allow for unauthorized access or execution.

Executive summary

The WordPress Booking Calendar plugin contains a high-severity vulnerability that poses a significant risk of unauthorized system interaction.

Vulnerability

This vulnerability affects the Booking Calendar Contact Form component. While specific technical details are limited, such flaws often involve improper input validation or insufficient authentication checks that could be leveraged by an attacker.

Business impact

Successful exploitation of this high-severity vulnerability (CVSS 8.2) could lead to unauthorized access to administrative functions or exposure of sensitive user data stored within the WordPress environment. This risk could result in significant operational disruption, loss of data integrity, and potential reputational damage to the organization.

Remediation

Immediate Action: Update the Booking Calendar plugin to the latest version provided by the vendor without delay.

Proactive Monitoring: Review web server access logs for anomalous request patterns or unauthorized attempts to access plugin-specific directories.

Compensating Controls: Deploy a Web Application Firewall (WAF) with updated virtual patching rules to block known exploit patterns targeting WordPress plugin vulnerabilities.
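The "Proactive Monitoring" item above asks administrators to look through web server access logs for unusual requests aimed at the plugin's directory. The following script is an added example written for this advisory, not code from the plugin vendor or from the advisory's source. It parses Apache/Nginx combined-format access log lines, keeps only requests under wp-content/plugins/<plugin directory>/, and summarizes them per client address, flagging addresses that repeatedly receive 4xx/5xx responses or request PHP files directly. The plugin directory name (PLUGIN_SLUG_PLACEHOLDER) is a placeholder because the advisory does not state it; the log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Placeholder: the advisory does not give the plugin's directory name.
# Replace with the real directory under wp-content/plugins/ on your site.
PLUGIN_DIR = "PLUGIN_SLUG_PLACEHOLDER"

# Combined log format: client ip, identity, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (not real traffic) used to exercise the parser.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5123
203.0.113.5 - - [10/Mar/2024:10:00:02 +0000] "GET /wp-content/plugins/PLUGIN_SLUG_PLACEHOLDER/readme.txt HTTP/1.1" 200 2210
198.51.100.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 47
203.0.113.5 - - [10/Mar/2024:10:00:04 +0000] "GET /wp-content/plugins/PLUGIN_SLUG_PLACEHOLDER/inc/example-a.php HTTP/1.1" 403 199
203.0.113.5 - - [10/Mar/2024:10:00:05 +0000] "GET /wp-content/plugins/PLUGIN_SLUG_PLACEHOLDER/inc/example-b.php HTTP/1.1" 404 201
192.0.2.9 - - [10/Mar/2024:10:00:06 +0000] "GET /wp-content/plugins/PLUGIN_SLUG_PLACEHOLDER/css/style.css HTTP/1.1" 200 910
"""


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def plugin_requests(lines, plugin_dir=PLUGIN_DIR):
    """Keep only parsed requests whose path lies inside the plugin's directory."""
    prefix = f"/wp-content/plugins/{plugin_dir}/"
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"].split("?", 1)[0].startswith(prefix):
            out.append(rec)
    return out


def summarize(entries):
    """Per client address: total hits, error responses, and direct .php file requests."""
    summary = defaultdict(lambda: {"total": 0, "errors": 0, "php_direct": 0, "paths": set()})
    for rec in entries:
        s = summary[rec["ip"]]
        s["total"] += 1
        s["paths"].add(rec["path"])
        if rec["status"] >= 400:
            s["errors"] += 1
        # Browsers normally load only static assets (css/js/images) from a plugin
        # directory; direct requests for PHP files are worth a closer look.
        if rec["path"].split("?", 1)[0].endswith(".php"):
            s["php_direct"] += 1
    return dict(summary)


def flag_sources(summary, min_errors=2, min_php_direct=1):
    """Addresses whose plugin-directory traffic exceeds the review thresholds."""
    return sorted(
        ip for ip, s in summary.items()
        if s["errors"] >= min_errors or s["php_direct"] >= min_php_direct
    )


def review(log_text):
    """Full pass over raw log text; returns (summary, flagged addresses)."""
    entries = plugin_requests(log_text.splitlines())
    summary = summarize(entries)
    return summary, flag_sources(summary)


if __name__ == "__main__":
    summary, flagged = review(SAMPLE_LOG)
    for ip, s in summary.items():
        print(f"{ip}: {s['total']} hits, {s['errors']} errors, {s['php_direct']} direct .php")
    print("review these sources:", flagged)
```

Run it against a real log with `review(open("/var/log/apache2/access.log").read())` (path is an example). The thresholds are deliberately low so the output is a list of addresses to review by hand, not an automatic block list; a legitimate scanner or a misconfigured theme can also produce 404s under a plugin path.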

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the CVSS score of 8.2, this vulnerability represents a substantial security risk to the WordPress environment. Administrators should verify the current plugin version and apply available updates immediately. If an update is unavailable, consider disabling or removing the plugin until a secure version is released.