PT-2026-24674 · Crocoblock · Jetbooking

Hoshino · Published 2026-03-11 · Updated 2026-03-15 · CVE-2026-3496

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

JetBooking versions up to and including 4.0.3

Description

The JetBooking plugin for WordPress is susceptible to SQL Injection through the check in date parameter. This is a result of inadequate escaping of user-supplied input and insufficient preparation of the existing SQL query. This allows unauthenticated attackers to append additional SQL queries to existing queries, potentially enabling them to extract sensitive information from the database.

Recommendations

Versions prior to 4.0.4 are affected. Update JetBooking to version 4.0.4 or later.

Fix

SQL injection

Weakness Enumeration

Related identifiers

CVE-2026-3496

Affected products

Jetbooking