Description
WordPress Plugin Sagenda-Free booking system is prone to a vulnerability that lets remote attackers inject and execute arbitrary code because the application fails to sanitize user-supplied input before being passed to the unserialize() PHP function. Attackers can possibly exploit this issue to delete files that the current user has access to. WordPress Plugin Sagenda-Free booking system version 1.3.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.3 or latest
References
Related Vulnerabilities
phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-6626)
PostgreSQL Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2022-2625)
Moment.js Uncontrolled Resource Consumption Vulnerability (CVE-2016-4055)
Squid Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5400)