WordPress Appointment Booking Calendar plugin versions 1.1.23 and below suffer from a remote SQL injection vulnerability.