CVE-2016-20069

WordPress · Booking Calendar

A security flaw has been identified in the WordPress Booking Calendar Contact Form, potentially affecting the confidentiality and integrity of the site.

Executive summary

The WordPress Booking Calendar plugin is affected by a high-severity vulnerability that requires immediate attention to prevent unauthorized access.

Vulnerability

This vulnerability exists within the Booking Calendar Contact Form. The underlying weakness is not specified here; the description suggests insufficient security controls that could let an attacker bypass intended restrictions in the plugin's functionality.

Business impact

With a CVSS score of 8.2, this vulnerability could enable serious compromises, including unauthorized data access or malicious configuration changes. Left unremediated, it could lead to unauthorized administrative control over the affected WordPress instance.

Remediation

Immediate Action: Apply the latest security patch or update for the Booking Calendar plugin as soon as it becomes available.

Proactive Monitoring: Monitor WordPress administrative logs for unusual user activity or unauthorized plugin configuration changes.

Compensating Controls: Utilize a Web Application Firewall (WAF) to filter malicious traffic and block requests targeting vulnerable plugin parameters.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The high-severity rating calls for an urgent review of all active plugins. Administrators must ensure the Booking Calendar plugin is fully updated and audited so that this identified security deficiency cannot be exploited.