Part of Lyceum Intelligence deep-research In Focus reports.


CVE-2026-22336 -- CVSS 9.3 Vulnerability Briefing

CVE-2026-22336 | CVSS 9.3 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-22336 is a critical SQL injection vulnerability in the Directorist Booking WordPress plugin, affecting all versions prior to 3.0.

Technical Detail

The flaw stems from improper neutralization of user-supplied input that is passed into SQL queries within the Directorist Booking plugin, allowing an attacker to inject arbitrary SQL commands. Depending on the database configuration and the query context in which the injection occurs, successful exploitation could enable unauthorized extraction, modification, or deletion of data in the underlying database, and in some configurations may allow privilege escalation or authentication bypass. The attack surface is any WordPress installation running a vulnerable version of the plugin in which the affected functionality is reachable; depending on how the plugin exposes its endpoints, this may be possible without authentication.

Exploitation Status

No known exploit code has been publicly identified at this time, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. The exploit maturity is currently assessed as "no known exploit", meaning that as of May 4, 2026 there is no confirmed public proof-of-concept and no evidence of active in-the-wild exploitation.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability in available intelligence.

What To Do

Update the Directorist Booking plugin to version 3.0 or later immediately, as this is the only confirmed remediation. Site administrators should verify the installed version via the WordPress plugin dashboard and apply the update as a priority given the critical CVSS score of 9.3. If an immediate update is not possible, consider disabling the plugin until patching can be completed. Web application firewall rules that detect and block SQL injection patterns can serve as a compensating control in the interim. Monitor database logs for anomalous query patterns that may indicate exploitation attempts.
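The version check above can be scripted across many sites. The following is an added triage helper, not code from the advisory or from the plugin: it reads the JSON emitted by `wp plugin list --format=json` and flags an installed Directorist Booking copy whose version is below the fixed release 3.0. The plugin slug `directorist-booking` and the sample JSON are assumptions constructed for the example; confirm the real slug under wp-content/plugins before relying on the match.

```python
"""Flag a Directorist Booking install whose version predates the 3.0 fix.

Input is the output of `wp plugin list --format=json`. The sample below is
constructed for this example, and the slug is an assumption.
"""
import json
import re

FIXED_VERSION = "3.0"                 # fixed release named in the advisory
PLUGIN_SLUG = "directorist-booking"   # assumption: verify the real slug on your site


def version_key(version):
    """Turn '2.9.1' or '3.0-beta1' into a comparable tuple.

    Numeric components compare numerically (so 2.10 > 2.9), missing components
    count as zero (3.0 == 3.0.0), and a pre-release suffix sorts below the
    bare release (3.0-beta1 < 3.0).
    """
    core, _, suffix = version.partition("-")
    nums = tuple(int(part) for part in re.findall(r"\d+", core))
    padded = nums + (0,) * (4 - len(nums))
    return (padded, 0 if suffix else 1, suffix)


def is_vulnerable(version):
    """True when the installed version is prior to the fixed release."""
    return version_key(version) < version_key(FIXED_VERSION)


def triage(plugin_list_json):
    """Return a finding for the affected plugin, or None if it is not installed."""
    for plugin in json.loads(plugin_list_json):
        if plugin.get("name") != PLUGIN_SLUG:
            continue
        vulnerable = is_vulnerable(plugin["version"])
        if not vulnerable:
            action = "no action required"
        elif plugin.get("status") == "active":
            action = "update to 3.0 or later now; disable the plugin until then"
        else:
            action = "update to 3.0 or later before re-activating"
        return {"version": plugin["version"], "active": plugin.get("status") == "active",
                "vulnerable": vulnerable, "action": action}
    return None


# Constructed sample of `wp plugin list --format=json` output.
SAMPLE = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    {"name": "directorist-booking", "status": "active", "update": "available", "version": "2.9.4"},
])

if __name__ == "__main__":
    print(triage(SAMPLE))
```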
