Description
WordPress Plugin Sagenda-Free booking system is prone to a vulnerability that lets remote attackers inject and execute arbitrary code because the application fails to sanitize user-supplied input before being passed to the unserialize() PHP function. Attackers can possibly exploit this issue to delete files that the current user has access to. WordPress Plugin Sagenda-Free booking system version 1.3.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.3 or latest
References
Related Vulnerabilities
Squid Other Vulnerability (CVE-2011-3205)
WordPress Plugin LeadConnector Security Bypass (1.7)
MySQL CVE-2016-0594 Vulnerability (CVE-2016-0594)
WordPress Plugin WP-Invoice-Web Invoice and Billing Multiple Vulnerabilities (4.1.0)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4112)