• WordPress Plugin Booking Calendar is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Booking Calendar version 7.0 is vulnerable; prior versions may also be affected.

• Update to plugin version 7.1 or latest

• • http://defensecode.com/advisories/DC-2017-12-005_WordPress_Booking_Calendar_Plugin_Advisory.pdf
  • https://packetstormsecurity.com/files/145502/WordPress-Booking-Calendar-7.0-7.1-SQL-Injection-Local-File-Inclusion.html

• 

• CWE-22

• Missing Update File Inclusion

• WordPress Plugin WordPress Poll Multiple SQL Injection and Security Bypass Vulnerabilities (34.04)
• WordPress Plugin Comments-wpDiscuz Cross-Site Scripting (3.1.4)
• WordPress Plugin Crayon Syntax Highlighter 'wp_load' Parameter Remote File Include (1.12.1)
• WordPress Plugin Doctor Appointment Booking Multiple Vulnerabilities (1.0.0)
• WordPress Plugin Product Size charts for Woocommerce Unspecified Vulnerability (1.0)