What is the CVSS score of CVE-2026-22336?

CVE-2026-22336 has a CVSS 3.1 base score of 9.3 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of Directorist Booking are affected by CVE-2026-22336?

Directorist Booking WordPress plugin versions prior to 3.0.2 contain a critical unauthenticated SQL injection vulnerability (CVSS 9.3) that allows remote attackers to extract sensitive database…. A patch is available.

Directorist Booking CVE-2026-22336

EUVD-2026-25813 CRITICAL

SQL Injection (CWE-89)

2026-04-27 Patchstack

SQLi

9.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

Low

Lifecycle Timeline

Re-analysis Queued

Apr 27, 2026 - 18:52 vuln.today

cvss_changed

Patch released

Apr 27, 2026 - 18:37 nvd

Patch available

Apr 27, 2026 - 12:01 EUVD

Analysis Generated

Apr 27, 2026 - 11:30 vuln.today

EUVD ID Assigned

Apr 27, 2026 - 11:00 euvd

EUVD-2026-25813

Analysis Generated

Apr 27, 2026 - 11:00 vuln.today

CVE Published

Apr 27, 2026 - 10:24 nvd

CRITICAL 9.3

DescriptionNVD

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Directorist Booking allows SQL Injection.This issue affects Directorist Booking: from n/a before 3.0.2.

AnalysisAI

Unauthenticated SQL injection in Directorist Booking WordPress plugin allows remote attackers to extract sensitive database contents and cause limited denial of service. The vulnerability affects all versions prior to 3.0.2 and can be exploited remotely with low complexity and no authentication (CVSS:3.1 AV:N/AC:L/PR:N/UI:N). …

RemediationAI

Within 24 hours: audit all WordPress installations to identify Directorist Booking plugin presence and current versions. Within 7 days: upgrade all instances to version 3.0.2 or later; if version 3.0.2 is unavailable for your deployment, disable the plugin immediately and document business justification. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-22336 vulnerability details – vuln.today

Back

Directorist Booking CVE-2026-22336

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code