The appointment-booking-calendar plugin prior to 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
codepeople appointment booking calendar