CVE-2026-1719

Gravity Bookings · Gravity Bookings Premium

The Gravity Bookings Premium plugin for WordPress is affected by an SQL injection vulnerability that could allow attackers to access or alter database contents.

Executive summary

An SQL injection vulnerability in the Gravity Bookings Premium plugin poses a high risk to the confidentiality and integrity of WordPress database information.

Vulnerability

The plugin contains an SQL injection vulnerability that allows an attacker to manipulate database queries. This flaw can be exploited to access restricted information or perform unauthorized operations on the site database.

Business impact

This high-severity vulnerability (CVSS 7.5) could lead to the exposure of booking data, customer information, or administrative credentials. Potential consequences include data breaches and disruption of critical business scheduling operations.

Remediation

Immediate Action: Update the Gravity Bookings Premium plugin to the latest version provided by the vendor.

Proactive Monitoring: Monitor for suspicious database activity and unexpected query performance degradation that may indicate an ongoing injection attempt.

Compensating Controls: Use a Web Application Firewall (WAF) to block anomalous HTTP requests that contain malicious SQL syntax.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Security teams should treat this vulnerability with high priority. Apply the latest vendor-supplied patch immediately and ensure that all WordPress plugins are kept up to date to minimize the attack surface.