Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.9
Bookster WordPress Plugin Exposes Administrator Data
CVE-2025-8781
Summary
The Bookster WordPress plugin contains a security flaw that allows attackers to extract sensitive data from the database if they have Administrator access. This is a concern for businesses that rely on this plugin for scheduling and appointments. To protect your data, update the plugin to the latest version or remove it if you're not using it.
Original title
The Bookster – WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escap...
Original description
The Bookster – WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
nvd CVSS3.1
4.9
Vulnerability type
CWE-89
SQL Injection
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026