CVE-2015-9460

CVE-2015-9460

The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.

Source: CVE-2015-9460