CVE Catalog

CVE-2026-49073

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

19th percentile — higher than 19% of all known CVEs

Summary

CVE-2026-49073 describes an improper neutralization of special elements used in SQL commands, leading to the possibility of Blind SQL Injection attacks in the wpWax Directorist Booking plugin.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized access to database data, potentially leading to the leakage of sensitive information.

Recommendation

It is recommended to update the Directorist Booking plugin to the latest version to mitigate this vulnerability and conduct a security audit of the application.

Original NVD description (English source)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS