2019-10-10 18:15:11 2019-10-15 16:30:35

The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.