WordPress Appointment Booking Calendar plugin version 1.1.24 suffers from a remote SQL injection through addslashes.