Product
The Booking Package plugin for WordPress is vulnerable to unauthenticated generic SQL Injection via the 'email' form parameter in versions up to and including 1.7.20, allowing attackers to extract sensitive information from the database.