PT-2022-13906 · WordPress · Booking Calendar

Author: Ramuel Gall
Published: 2022-05-10
Updated: 2022-05-17
CVE: CVE-2022-1463
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Booking Calendar plugin for WordPress, version 9.1 and earlier

Description: The issue allows PHP Object Injection via the bookingflextimeline shortcode. Subscriber-level users and above could exploit this to instantiate arbitrary PHP objects on a vulnerable site.

Recommendations: For versions up to and including 9.1, update to a version later than 9.1 to resolve the issue. As a temporary workaround, consider restricting access to the bookingflextimeline shortcode until a patch is available.


Weakness Enumeration: Deserialization of Untrusted Data (CWE-502)

Related Identifiers: CVE-2022-1463

Affected Products: Booking Calendar