CVE-2026-15335 | masaakitanaka Booking Package Plugin up to 1.7.20 on WordPress REST API Endpoint request email sql injection
A vulnerability, which was classified as critical, was found in masaakitanaka Booking Package Plugin up to 1.7.20 on WordPress. The impacted element is an unknown function of the file /wp-json/booking-package/v1/request of the component REST API Endpoint. The manipulation of the argument email results in sql injection.
This vulnerability is identified as CVE-2026-15335. The attack can be executed remotely. There is not any exploit available.VulDB Recent EntriesRead More