CVE-2026-3658
CVE-2026-3658 affects the WordPress plugin chain for the Appointment Booking Calendar (Simply Schedule Appointments Booking Plugin). The Wordfence detail confirms a SQL Injection via the fields parameter in all versions up to 1.6.10.0, caused by insufficient escaping of user-supplied input and in...
CVE-2026-3658 Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
CVE-2026-1704
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the getitempermissionscheck method granting access to users with the...
CVE-2026-1704 Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the getitempermissionscheck method granting access to users with the...
CVE-2026-1708 Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the dbwhereconditions method in the TDDBModel class failing to prevent the append_where_sql paramet...
CVE-2025-13754 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.16. This is due to the plugin exposing its admin embed endpoint at /wp-json/ssa/v1/embed-inner-admin without...
CVE-2025-13317
The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint cpabcappointmentscheckIPNverification that trusts attacker-supplied payment...
CVE-2025-13317 Appointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter
The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint cpabcappointmentscheckIPNverification that trusts attacker-supplied payment...
EUVD-2015-1109
Malware in sbrugna...
EUVD-2023-50441
Malicious code in bioql PyPI...
EUVD-2024-28481
Malicious code in bioql PyPI...
CVE-2023-46198
Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <= 2.9.6 versions...
CVE-2024-30561
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scientech It Solution Appointment Calendar allows Reflected XSS. This issue affects Appointment Calendar: from n/a through 2.9.6...
WordPress Appointment Booking Calendar plugin <= 1.6.7.53 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Jeewan Kumar Bhatta in WordPress Plugin Simply Schedule Appointments versions <= 1.6.7.53...
CVE-2024-7129
The Appointment Booking Calendar WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which, if further exploited, can result in remote code execution by high-privilege users such as admins...
PT-2024-19865 · WordPress · The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
Name of the Vulnerable Software and Affected Versions: The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress versions up to, and including, 1.6.7.7 Description: The issue is related to SQL Injection via the keys parameter due to insufficient escaping ...
Appointment Calendar <= 2.9.6 - Reflected Cross-Site Scripting
Description The Appointment Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2024-30561
CVE-2024-30561 is a Reflected Cross‑Site Scripting vulnerability in the WordPress plugin Appointment Calendar by Scientech It Solution. It affects versions listed as “from n/a through 2.9.6,” arising from improper neutralization of input during web page generation. The CVSSv3.1 base score is 7.1 ...
CVE-2024-30561 WordPress Appointment Calendar plugin <= 2.9.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scientech It Solution Appointment Calendar allows Reflected XSS. This issue affects Appointment Calendar: from n/a through 2.9.6...