HIGH
wpWax
CVE published 2026-06-17
CVE-2026-49073
A SQL injection vulnerability was discovered in Directorist Booking, a WordPress plugin developed by wpWax. The issue, tracked as CVE-2026-49073, allows for Blind SQL Injection and has a CVSS score of 8. This vulnerability is caused by improper neutralization of special elements used in an SQL command. Users of the Directorist Booking plugin, particularly those with versions prior to 3.0.4, should be awar [truncated]