Description
WordPress Plugin Booking Calendar is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Booking Calendar version 7.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 7.1 or latest
References
Related Vulnerabilities
WordPress Plugin Fotobook Cross-Site Scripting (3.2.3)
WordPress Plugin Plugmatter Pricing Table Cross-Site Scripting (1.0.32)
WordPress Plugin Feedweb Unspecified Vulnerability (3.0.10)
WordPress Plugin Bulk Add to Cart for WooCommerce Security Bypass (1.2.2)
WordPress Plugin Contact Form 7 Database Addon-CFDB7 Unspecified Vulnerability (1.2.5.7)