PatchSiren

wpWax CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH wpWax CVE published 2026-06-17

CVE-2026-49073

A SQL injection vulnerability was discovered in Directorist Booking, a WordPress plugin developed by wpWax. The issue, tracked as CVE-2026-49073, allows for Blind SQL Injection and has a CVSS score of 8. This vulnerability is caused by improper neutralization of special elements used in an SQL command. Users of the Directorist Booking plugin, particularly those with versions prior to 3.0.4, should be awar [truncated]