Platform
wordpress
Component
directorist-booking
Fixed in
3.0.2
CVE-2026-22336 describes a SQL Injection vulnerability within the Directorist Booking plugin. This flaw allows attackers to inject arbitrary SQL code, potentially granting them unauthorized access to sensitive data and control over the database. The vulnerability impacts versions from 0.0.0 up to and including 3.0.2. A patch is available in version 3.0.2.
Successful exploitation of this SQL Injection vulnerability could allow an attacker to bypass authentication mechanisms, read sensitive data stored in the database (such as user credentials, booking information, and payment details), modify data, or even execute arbitrary commands on the underlying server. The blast radius extends to any data accessible through the Directorist Booking database. A skilled attacker could leverage this to gain complete control of the WordPress site and potentially pivot to other systems on the network. While no specific real-world exploitation has been publicly reported yet, SQL Injection vulnerabilities are consistently among the most exploited web application flaws.
CVE-2026-22336 was publicly disclosed on 2026-04-27. Its severity is rated as CRITICAL (CVSS 9.3). There are currently no public proof-of-concept exploits available, but the ease of SQL Injection exploitation means it is likely to become a target. It is not currently listed on the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for any signs of active exploitation.
Exploit status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to immediately upgrade Directorist Booking to version 3.0.2 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing temporary workarounds. These may include using a Web Application Firewall (WAF) with SQL Injection rules to filter malicious requests, and carefully reviewing and sanitizing all user inputs to Directorist Booking. Regularly scan your WordPress site for vulnerabilities using a reputable security plugin. After upgrading, confirm the fix by attempting a SQL Injection attack on the vulnerable endpoint (e.g., using a simple ' OR '1'='1 payload) and verifying that it is properly blocked.
No known patch available. Please review the vulnerability details carefully and implement protective measures based on your organization's risk appetite. It may be best to uninstall the affected software and find a replacement.
CVE-2026-22336 is a critical SQL Injection vulnerability affecting Directorist Booking versions 0.0.0–3.0.2, allowing attackers to inject malicious SQL code and potentially compromise the database.
You are affected if you are using Directorist Booking versions 0.0.0 through 3.0.2. Immediately check your plugin version and upgrade if necessary.
Upgrade Directorist Booking to version 3.0.2 or later. If immediate upgrade is not possible, implement input validation and parameterized queries as temporary mitigations.
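The mitigation advice above and in the earlier remediation paragraph (input validation and parameterized queries) is the pattern that prevents this class of flaw in a WordPress plugin. The following is an added example, not code from the Directorist Booking plugin and not a reconstruction of the vulnerable code path (the advisory does not identify it): a hypothetical booking lookup written first with string-concatenated SQL, then rewritten to validate its inputs and bind them with WordPress's `$wpdb->prepare()`. The table name, column names, request parameters and status values are assumptions made for illustration.

```php
<?php
// Added example (hypothetical, not the plugin's own code): the same booking
// lookup in an injectable form and in a hardened form. The table
// {$wpdb->prefix}directorist_bookings, its columns and the status values are
// assumed for illustration.

// Unsafe pattern: untrusted request values are concatenated straight into the
// SQL string, so a crafted value changes the query rather than being compared
// by it. This is the shape of defect an injection finding usually comes down to.
function booking_lookup_unsafe( $listing_id, $status ) {
    global $wpdb;
    $sql = "SELECT id, listing_id, status, booking_date
            FROM {$wpdb->prefix}directorist_bookings
            WHERE listing_id = " . $listing_id . "
              AND status = '" . $status . "'";
    return $wpdb->get_results( $sql );
}

// Hardened pattern: validate each input to the type the query expects, then
// let $wpdb->prepare() bind it. %d forces an integer; %s is escaped and quoted
// by prepare() itself, so the caller must not add its own quotes around it.
function booking_lookup_safe( $listing_id, $status ) {
    global $wpdb;

    // Allow-list the status value instead of trusting free text (assumed values).
    $allowed_status = array( 'pending', 'confirmed', 'cancelled' );
    if ( ! in_array( $status, $allowed_status, true ) ) {
        return new WP_Error( 'invalid_status', 'Unknown booking status.' );
    }

    // absint() yields 0 for anything that is not a positive integer, which we reject.
    $listing_id = absint( $listing_id );
    if ( 0 === $listing_id ) {
        return new WP_Error( 'invalid_listing', 'Listing id must be a positive integer.' );
    }

    $sql = $wpdb->prepare(
        "SELECT id, listing_id, status, booking_date
         FROM {$wpdb->prefix}directorist_bookings
         WHERE listing_id = %d AND status = %s",
        $listing_id,
        $status
    );
    return $wpdb->get_results( $sql );
}

// Typical call site inside an admin-ajax or REST handler: read the raw request
// values, but hand them only to the validated, prepared query. wp_unslash()
// removes WordPress's added slashes; sanitize_key() reduces the status to
// lowercase [a-z0-9_-] before the allow-list check.
function booking_lookup_handler() {
    $listing_id = isset( $_GET['listing_id'] ) ? wp_unslash( $_GET['listing_id'] ) : '';
    $status     = isset( $_GET['status'] ) ? sanitize_key( wp_unslash( $_GET['status'] ) ) : '';

    $rows = booking_lookup_safe( $listing_id, $status );
    if ( is_wp_error( $rows ) ) {
        wp_send_json_error( $rows->get_error_message(), 400 );
    }
    wp_send_json_success( $rows );
}
```

When reviewing a plugin for this class of bug, the thing to look for is any `$wpdb->query()`, `get_results()`, `get_var()` or `get_row()` call whose SQL string is built from request data without passing through `$wpdb->prepare()`; the hardened function shows the shape every such call should take, with type validation done before the query rather than relying on escaping alone.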
There is currently no public evidence of CVE-2026-22336 being actively exploited, but the critical severity warrants immediate attention and remediation.
Refer to the official Directorist Booking website and WordPress plugin repository for the latest security advisory and update information regarding CVE-2026-22336.