CVE-2026-48882
WP Time Slots · WP Time Slots Booking Form
A SQL injection vulnerability in the WP Time Slots Booking Form plugin allows authenticated users holding only the Subscriber role to inject arbitrary SQL into queries the plugin runs against the WordPress database.
Executive summary
WP Time Slots Booking Form is affected by a severe SQL injection vulnerability that allows authenticated subscribers to gain unauthorized database access.
Vulnerability
The plugin passes user-supplied input into a database query without sanitizing or parameterizing it (in WordPress terms, without routing the value through $wpdb->prepare() or checking it against an allow-list), so an authenticated user holding only the Subscriber role can change the structure of the query and perform SQL injection attacks against the backend database. Subscriber is the lowest default WordPress role and the one assigned to accounts created through open registration, so on sites that allow self-registration the only precondition is a registered account.
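The following is an added illustration of the pattern described above and of its hardened form. It is not code from the WP Time Slots Booking Form plugin: the AJAX action names, the table example_slots and the request parameters are hypothetical, and the only real APIs used are WordPress's own ($wpdb, check_ajax_referer, current_user_can). The hook prefix wp_ajax_ is significant because WordPress fires it for any logged-in user, which is exactly how a Subscriber reaches plugin code that was never meant for that role.

```php
<?php
// Added illustration, not the plugin's code. Hook names, the table
// {$wpdb->prefix}example_slots and the request parameters are hypothetical.

// Vulnerable pattern: request data is interpolated straight into the SQL
// text. Any logged-in user, Subscribers included, can invoke a wp_ajax_ hook,
// so whoever controls $_POST['date'] or $_POST['orderby'] controls the query.
add_action( 'wp_ajax_example_slots_lookup_vuln', function () {
    global $wpdb;
    $date = $_POST['date'] ?? '';
    $sort = $_POST['orderby'] ?? 'start_time';
    $sql  = "SELECT id, start_time FROM {$wpdb->prefix}example_slots "
          . "WHERE slot_date = '$date' ORDER BY $sort";
    wp_send_json( $wpdb->get_results( $sql ) );
} );

// Hardened pattern: a nonce and a capability check gate the action, values
// go through $wpdb->prepare(), and the identifier used in ORDER BY (which
// cannot be bound as a value) is mapped through an allow-list.
add_action( 'wp_ajax_example_slots_lookup', function () {
    global $wpdb;

    // Caller must send _ajax_nonce created with wp_create_nonce( 'example_slots_lookup' ).
    check_ajax_referer( 'example_slots_lookup' );
    // Subscribers do not hold edit_posts by default; pick the capability the feature really needs.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Strict format validation: anything that is not YYYY-MM-DD is rejected outright.
    $date = $_POST['date'] ?? '';
    if ( ! is_string( $date ) || ! preg_match( '/^\d{4}-\d{2}-\d{2}$/', $date ) ) {
        wp_send_json_error( 'bad date', 400 );
    }

    // Allow-list for the sort column; unknown or non-string input falls back to a default.
    $allowed_sort = array( 'start_time' => 'start_time', 'id' => 'id' );
    $requested    = $_POST['orderby'] ?? 'start_time';
    $sort         = ( is_string( $requested ) && isset( $allowed_sort[ $requested ] ) )
        ? $allowed_sort[ $requested ]
        : 'start_time';

    // %s is bound and quoted by wpdb; $sort is safe only because it came from the allow-list.
    $sql = $wpdb->prepare(
        "SELECT id, start_time FROM {$wpdb->prefix}example_slots WHERE slot_date = %s ORDER BY $sort",
        $date
    );
    wp_send_json_success( $wpdb->get_results( $sql ) );
} );
```

Two points worth noting when reviewing a fix of this kind: escaping the value alone (esc_sql) would close the string context but not the ORDER BY injection, which needs an allow-list or, on WordPress 6.2 and later, the %i identifier placeholder of $wpdb->prepare(); and the capability check matters independently of the SQL fix, because it is what stops a Subscriber from reaching the query at all.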
Business impact
Exploitation lets an attacker with a low-privilege account read or modify data far beyond what the Subscriber role permits, such as credentials stored in the database or booking records. The CVSS score of 8.5 reflects a significant threat to the confidentiality and integrity of the WordPress database, and depending on the injection point destructive queries can also affect the availability of the site.
Remediation
Immediate Action: Update the plugin to the version in which the vendor fixed the issue as soon as possible. Until that is done, deactivate the plugin if the site can tolerate it, and if open registration (Settings > General > "Anyone can register") is enabled but not needed, turn it off to remove the Subscriber-level precondition.
Proactive Monitoring: Review database query logs (the MySQL general log or an audit plugin, enabled temporarily because of their overhead) and the web server access log for the plugin's endpoints. Look for query shapes typical of injection, such as UNION SELECT, SLEEP() or BENCHMARK(), comment sequences and tautologies, and for requests from low-privilege accounts that return unusually large responses.
Compensating Controls: A Web Application Firewall (WAF) with SQL injection rules can block the more obvious payloads before they reach the plugin, but it is a stop-gap rather than a fix: encoded and blind-injection payloads routinely evade signature-based rules, and the traffic in question comes from authenticated sessions that the WAF cannot otherwise distinguish from legitimate use.
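As an added example of the log review suggested under Proactive Monitoring (not part of the advisory and not tooling from the plugin vendor), the script below scans MySQL general-log output for query shapes typical of SQL injection. The log lines are constructed for illustration, and the table name wp_example_slots is a placeholder, not a real table of this plugin.

```php
<?php
// Added example, not part of the advisory. Scans MySQL general-log text for
// injection-shaped queries. Sample log lines are constructed; wp_example_slots
// is a placeholder table name.

/** Heuristic signatures for common injection shapes. Expect some false positives. */
function sqli_indicators( string $query ): array {
    $checks = array(
        'union_select' => '/\bUNION\b[\s\S]{0,24}?\bSELECT\b/i',          // UNION ... SELECT, incl. UNION/**/SELECT
        'time_based'   => '/\b(SLEEP|BENCHMARK)\s*\(/i',                   // time-based blind probes
        'schema_probe' => '/\binformation_schema\b/i',                     // enumerating tables/columns
        'tautology'    => '/\b(OR|AND)\s+([\'"]?)(\w+)\2\s*=\s*\2\3\2/i',  // OR 1=1, OR 'a'='a'
        'comment'      => '/(--\s|#|\/\*)/',                               // trailing-comment truncation
        'stacked'      => '/;\s*(SELECT|INSERT|UPDATE|DELETE|DROP)\b/i',   // stacked statements
    );
    $hits = array();
    foreach ( $checks as $name => $re ) {
        if ( preg_match( $re, $query ) ) {
            $hits[] = $name;
        }
    }
    return $hits;
}

/**
 * Parse general-log text into [thread, query] entries. An entry starts with an
 * ISO timestamp, thread id and command; lines without a timestamp continue the
 * previous Query (multi-line statements are logged that way).
 */
function parse_general_log( string $text ): array {
    $entries = array();
    $current = null;
    foreach ( preg_split( '/\r?\n/', $text ) as $line ) {
        if ( preg_match( '/^\d{4}-\d{2}-\d{2}T\S*\s+(\d+)\s+(\w+)\s*(.*)$/', $line, $m ) ) {
            if ( $m[2] === 'Query' ) {
                $entries[] = array( 'thread' => (int) $m[1], 'query' => $m[3] );
                $current   = count( $entries ) - 1;
            } else {
                $current = null; // Connect, Quit, etc. carry no SQL
            }
        } elseif ( $current !== null && $line !== '' ) {
            $entries[ $current ]['query'] .= "\n" . $line;
        }
    }
    return $entries;
}

/** Return only the entries that trip at least one indicator. */
function find_suspicious( string $log ): array {
    $out = array();
    foreach ( parse_general_log( $log ) as $e ) {
        $hits = sqli_indicators( $e['query'] );
        if ( $hits ) {
            $out[] = $e + array( 'indicators' => $hits );
        }
    }
    return $out;
}

// Constructed sample: one benign lookup, one time-based probe, one UNION read of wp_users.
$sample = <<<'LOG'
2026-03-01T10:15:22.100000Z    42 Query SELECT id, start_time FROM wp_example_slots WHERE slot_date = '2026-03-05' ORDER BY start_time
2026-03-01T10:15:23.200000Z    42 Query SELECT id, start_time FROM wp_example_slots WHERE slot_date = '2026-03-05' AND SLEEP(5)-- ' ORDER BY start_time
2026-03-01T10:15:24.300000Z    43 Query SELECT id, start_time FROM wp_example_slots WHERE slot_date = '' UNION SELECT user_login, user_pass FROM wp_users-- ' ORDER BY start_time
2026-03-01T10:15:25.400000Z    43 Quit
LOG;

// Prints the two injected queries with their thread ids and matched indicators.
foreach ( find_suspicious( $sample ) as $s ) {
    printf( "thread %d [%s] %s\n", $s['thread'], implode( ',', $s['indicators'] ), $s['query'] );
}
```

Run it with php on a saved general-log file substituted for $sample (the log is enabled with SET GLOBAL general_log = 'ON' and log_output = 'FILE', and should be switched off again once the review is done, since it records every statement). Two caveats for triage: every WordPress query arrives under the site's single database user, so the thread id and timestamp have to be correlated with the web server access log to identify the WordPress account behind a hit; and boolean-based blind injection can look like a perfectly ordinary query, so a clean scan is not proof that nothing happened.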
Exploitation status
Public Exploit Available: false
Analyst recommendation
Security teams should treat this vulnerability with high urgency even though no public exploit is known: an authenticated SQL injection in a WordPress plugin can typically be reconstructed by diffing the vendor's fix, and the Subscriber precondition is trivially met on any site with open registration. Patch immediately to prevent unauthorized database access and preserve the security of the WordPress instance.