Plugin: bookr
Vulnerable Version: 1.0.2
File: includes/rest-api/controller/appointment-controller.php
Last Change: Revision 3246368, 12 months ago by bsssoftware

Key Vulnerability Information:

Potential SQL Injection: The , , and functions interact with the database. Without proper input validation and sanitization, they may be susceptible to SQL injection attacks.

Lack of Input Validation: The and functions use to get data directly from the request. If there is not sufficient validation, an attacker could manipulate this data to cause security issues.

Insufficient Error Handling: The function catches exceptions but only returns a generic error message, which might not be descriptive enough to help with debugging potential security-related issues.

Permissions: The function requires for access, which could be a mitigating factor if misused functions are called by unauthorized users.