Description
WordPress Plugin Sagenda-Free booking system is prone to a vulnerability that lets remote attackers inject and execute arbitrary code because the application fails to sanitize user-supplied input before being passed to the unserialize() PHP function. Attackers can possibly exploit this issue to delete files that the current user has access to. WordPress Plugin Sagenda-Free booking system version 1.3.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.3 or latest
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2005-3353)
Zope Web Application Server Other Vulnerability (CVE-2001-1278)
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-43795)
WordPress Plugin Easy SVG Support Cross-Site Scripting (3.2.0)
WordPress Plugin InPost Gallery Multiple Vulnerabilities (2.1.2)