CVE-2026-3496 in JetBooking Plugininformação

Sumário

de MITRE • 11/03/2026

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Wordfence

Reservar

03/03/2026

Divulgação

11/03/2026

Moderação

aceite

Entrada

VDB-350399

CPE

pronto

CWE

CWE-89 (confirmado)

CVSS

7.5 (CNA)

EPSS

0.00096

KEV

não

Atividades

muito baixo

Sector

Hostingprovider

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-3496
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-3496
CVE Details	https://www.cvedetails.com/cve/CVE-2026-3496/

◂ Voltar Visão Geral Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!