WordPress Doctor Appointment Booking Plugin SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the WordPress Doctor Appointment Booking Plugin, affecting versions through 1.0.0. The plugin does not properly neutralize special elements used in SQL commands, which enables attackers to manipulate database queries and potentially access or modify database information.

Impact

Exploitation of this vulnerability allows for direct interaction with the database, which could lead to unauthorized data access or manipulation. According to Patchstack, this vulnerability is highly dangerous and expected to be widely exploited.

Remediation

No official fix is currently available. Users of the WordPress Doctor Appointment Booking Plugin are advised to update to a version later than 1.0.0 once one is released. In the meantime, Patchstack has issued a virtual patch that automatically mitigates this vulnerability by blocking attacks until an official update can be safely applied.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM