CVE-2026-49073
HighCVSS 8.5Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
CVE-2026-49073 describes an improper neutralization of special elements used in SQL commands, leading to the possibility of Blind SQL Injection attacks in the wpWax Directorist Booking plugin.
Risk Assessment
An attacker could exploit this vulnerability to gain unauthorized access to database data, potentially leading to the leakage of sensitive information.
Recommendation
It is recommended to update the Directorist Booking plugin to the latest version to mitigate this vulnerability and conduct a security audit of the application.
Original NVD description (English source)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3.

