CVE-2026-15289: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in wpdevart Booking calendar, Appointment Booking System
The Booking calendar, Appointment Booking System plugin for WordPress contains a time-based SQL Injection vulnerability via the 'wpdevart_id' parameter in all versions up to and including 3.2.17…
Read the full articleYou might also wanna read

WAF - WAF Release - 2026-06-09
This release introduces new detections for a critical SQL injection vulnerability in Drupal installations utilizing PostgreSQL (CVE-2026-908

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra

Understanding and Preventing WordPress SQL Injection Attacks
Have you thought about the security risks WordPress websites face? Anders Johansson explores why they are frequent hacker targets and shares

WAF - WAF Release - 2026-06-15
This week's release introduces new managed protection to address a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) and a

WAF - WAF Release - 2025-09-29
This week highlights four important vendor- and component-specific issues: an authentication bypass in SimpleHelp (CVE-2024-57727), an infor

WAF - WAF Release - 2025-10-06
This week’s highlights prioritise an emergency Oracle E-Business Suite RCE rule deployed to block active, high-impact exploitation. Also add

Comments
Sign in to join the conversation.
No comments yet. Be the first.