Is CVE-2022-0739 known to be exploited?

21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Bookingpress – Appointments Booking Calendar Plugin And Online Scheduling

CVE-2022-0739

The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthen…

Vulnerability class: SQL Injection

EPSS: 0.696 (98.7th percentile) — read the EPSS interpretation.

Affected products

Unknown Bookingpress – Appointments Booking Calendar Plugin And Online Scheduling — versions 1.0.11

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

wpscan.com/vulnerability/388cd42d-b61a-42a4-8604-99b812db2357 (x_refsource_MISC)
plugins.trac.wordpress.org/changeset/2684789 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-0739?: CVE-2022-0739 is a vulnerability in Bookingpress – Appointments Booking Calendar Plugin And Online Scheduling, classified under SQL Injection. Published 2022-03-21.
Is CVE-2022-0739 known to be exploited?: 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.