CVE Catalog
CVE-2026-54820
CriticalCVSS 9.3Exploitation Probability (EPSS)
Low risk0.28%
20th percentile — higher than 20% of all known CVEs
Summary
SQL Injection vulnerability in JetBooking plugin versions up to 4.0.4.1 allows an unauthenticated attacker to inject malicious SQL code into database queries.
Risk Assessment
An attacker can gain unauthorized access to database data, including sensitive user information, and potentially modify or delete data, leading to system integrity compromise.
Recommendation
Immediately update the JetBooking plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.

