CVE-2026-1250: WordPress Court Booking Plugin SQL Injection
The Court Reservation – Manage Your Court Bookings Online plugin for WordPress, in all versions up to and including 1.10.11, is vulnerable to generic SQL Injection. The National Vulnerability Database reports this is due to insufficient escaping on the ‘id’ parameter and a lack of proper preparation in the existing SQL query.
This flaw allows unauthenticated attackers to inject additional SQL queries into existing ones. The National Vulnerability Database states this can be leveraged to extract sensitive information directly from the database, posing a significant risk to data confidentiality. The vulnerability carries a CVSS score of 7.5 (HIGH).
Attackers’ calculus here is straightforward: target widely used WordPress plugins with known SQLi vectors. The low bar for exploitation (unauthenticated, network-adjacent) makes this an attractive target for initial access and data exfiltration. Defenders need to assume compromise if this plugin is unpatched and exposed.
What This Means For You
- If your organization uses the Court Reservation – Manage Your Court Bookings Online WordPress plugin, you need to verify its version immediately. Any instance running version 1.10.11 or older is exposed to unauthenticated SQL injection via CVE-2026-1250. Prioritize patching or removing this plugin to prevent database compromise and sensitive data exfiltration.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-1250: WordPress Court Booking SQL Injection Attempt
title: CVE-2026-1250: WordPress Court Booking SQL Injection Attempt
id: scw-2026-05-12-ai-1
status: experimental
level: high
description: |
Detects attempts to exploit CVE-2026-1250 in the WordPress Court Reservation plugin. The rule specifically looks for SQL injection patterns targeting the 'id' parameter, such as 'id=110 AND' or 'id=110 OR', which are indicative of attempts to manipulate the query and extract data.
author: SCW Feed Engine (AI-generated)
date: 2026-05-12
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-1250/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri-query|contains:
- 'id=110%20AND%20'
- 'id=110%20OR%20'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-1250 | Vulnerability | CVE-2026-1250 |
| CVE-2026-1250 | Affected Product | all |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 13, 2026 at 02:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
Fuji Tellus Driver Grants All Users Kernel R/W: CVE-2026-8108
CVE-2026-8108 — The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.
MonsterInsights WordPress Plugin Exposes Google OAuth Tokens
CVE-2026-5371 — The MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of...
ChurchCRM CVE-2026-44548: High-Severity CSRF Allows Silent Record Deletion
CVE-2026-44548 — ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php...