CVE Catalog

CVE-2026-54820

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

SQL Injection vulnerability in JetBooking plugin versions up to 4.0.4.1 allows an unauthenticated attacker to inject malicious SQL code into database queries.

Risk Assessment

An attacker can gain unauthorized access to database data, including sensitive user information, and potentially modify or delete data, leading to system integrity compromise.

Recommendation

Immediately update the JetBooking plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS