A vulnerability marked as critical has been reported in wpWax Directorist Booking Plugin up to 3.0.3 on WordPress. This affects an unknown part. Performing a manipulation results in sql injection. This vulnerability is identified as CVE-2026-49073 . The attack can be initiated remotely. There is not any exploit available.