Description
WordPress Plugin Sagenda-Free booking system is prone to a vulnerability that lets remote attackers inject and execute arbitrary code because the application fails to sanitize user-supplied input before being passed to the unserialize() PHP function. Attackers can possibly exploit this issue to delete files that the current user has access to. WordPress Plugin Sagenda-Free booking system version 1.3.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.3 or latest
References
Related Vulnerabilities
WordPress Plugin Newsletter-Send awesome emails from WordPress Open Redirect (2.6.4.4)
WordPress Plugin Email Subscriber Cross-Site Scripting (1.1)
Oracle Database Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)
Microsoft SQL Server Other Vulnerability (CVE-2002-0056)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7864)