PT-2026-40457 · WordPress · Court Reservation – Manage Your Court Bookings Online

Published

2026-05-12

Updated

2026-05-13

CVE-2026-1250

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Court Reservation – Manage Your Court Bookings Online versions prior to 1.10.12

Description The Court Reservation – Manage Your Court Bookings Online plugin for WordPress contains a generic SQL Injection flaw. This issue occurs due to insufficient escaping of user-supplied parameters and a lack of proper preparation of the SQL query. Unauthenticated attackers can append additional SQL queries via the id parameter to extract sensitive information from the database.

Recommendations Update the plugin to a version later than 1.10.11. As a temporary workaround, restrict access to the functionality utilizing the id parameter until the update is applied.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2026-1250

Affected Products

Court Reservation – Manage Your Court Bookings Online

CVE-2026-1250

Weakness Enumeration

Related Identifiers

Affected Products

References · 8