Plugin: bookr
Vulnerable Version: 1.0.2
File: includes/rest-api/controller/appointment-controller.php
Last Change: Revision 3246368, 12 months ago by bsssoftware

Key Vulnerability Information:

Potential SQL Injection: The , , and functions interact with the database. Without proper input validation and sanitization, they may be susceptible to SQL injection attacks.

Lack of Input Validation: The and functions use to retrieve data directly from the request. If insufficient validation is in place, an attacker could manipulate this data to trigger security issues.

Insufficient Error Handling: The function catches exceptions but only returns a generic error message, which may not be detailed enough to assist in debugging potential security-related problems.

Permissions: The function requires for access, which may serve as a mitigating factor if unauthorized users attempt to invoke misused functions.