
16 matches found

CNNVD
added 2026/04/08 12:0 a.m., 2 views

WordPress plugin Appointment cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 9.6, AI score 5.7, EPSS 0.00021
Exploits: 0, References: 1

NVD
added 2026/03/13 7:53 p.m., 1 view

CVE-2026-1704

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the getitempermissionscheck method granting access to users with the...

CVSS 4.3, EPSS 0.00036
Exploits: 0, References: 6

Patchstack
added 2026/02/18 8:44 p.m., 4 views

WordPress Bookster - WordPress Appointment Booking Plugin plugin <= 2.1.1 - Authenticated (Administrator+) SQL Injection via 'raw' vulnerability

WordPress Bookster - WordPress Appointment Booking Plugin plugin <= 2.1.1 - Authenticated (Administrator+) SQL Injection via 'raw' vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Bookster versions <= 2.1.1...

CVSS 4.9, AI score 5.9, EPSS 0.00012
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/02/04 8:25 a.m., 23 views

CVE-2026-0742 Smart Appointment & Booking <= 1.0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via saab_save_form_data AJAX Action

The Smart Appointment & Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saab_save_form_data AJAX action in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.00017
Exploits: 0, References: 6

NVD
added 2026/01/14 11:15 p.m., 1 view

CVE-2025-12166

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the order and appendwheresql parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack o...

CVSS 7.5, EPSS 0.00116
Exploits: 0, References: 2

ATTACKERKB
added 2026/01/14 10:23 p.m., 1 view

CVE-2025-12166

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the order and appendwheresql parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack o...

CVSS 7.5, AI score 6, EPSS 0.00116
Exploits: 0, References: 3

CNVD
added 2025/11/11 12:0 a.m., 1 view

WordPress Easy Appointments plugin cross-site scripting vulnerability

WordPress Easy Appointments plugin is a free WordPress appointment management plugin, mainly used to create and manage service appointment system, support multi-location, multi-service, multi-staff appointment function. A cross-site scripting vulnerability exists in the WordPress Easy Appointment...

CVSS 6.1, AI score 6.4, EPSS 0.00046
Exploits: 0, References: 1

Patchstack
added 2025/02/21 12:0 a.m., 1 view

WordPress Doctor Appointment Booking Plugin <= 1.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin Doctor Appointment Booking versions <= 1.0.0...

CVSS 7.5, AI score 7, EPSS 0.01115
Exploits: 0, Affected Software: 1

CVE
added 2025/01/22 2:29 p.m., 36 views

CVE-2025-23672

CVE-2025-23672 is a reflected XSS vulnerability in Instant Appointment (NotFound Instant Appointment) affecting versions up to 1.2. The issue arises from improper input neutralization during web page generation. The CVE entry notes Reflected XSS; connected Red Hat and Wordfence references corrobo...

CVSS 7.1, AI score 7.2, EPSS 0.00346
Exploits: 0, References: 1

Patchstack
added 2025/01/16 6:42 p.m., 2 views

WordPress Instant Appointment plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Instant Appointment versions <= 1.2...

CVSS 7.1, AI score 6.1, EPSS 0.00346
Exploits: 0, Affected Software: 1

Vulnrichment
added 2024/12/16 2:31 p.m., 7 views

CVE-2024-54361 WordPress Instant Appointment plugin <= 1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in outstrip Instant Appointment allows SQL Injection. This issue affects Instant Appointment: from n/a through 1.2...

CVSS 9.3, AI score 7.7, EPSS 0.00487
Exploits: 0, References: 1

CVE
added 2024/11/26 2:6 a.m., 55 views

CVE-2024-10729

CVE-2024-10729 affects Booking & Appointment Plugin for WooCommerce for WordPress (versions up to and including 6.9.0). Root cause: missing capability check in the save_google_calendar_data function, allowing authenticated users with subscriber-level permissions or higher to arbitrarily update si...

CVSS 8.8, AI score 8.4, EPSS 0.0028
Exploits: 0, References: 2

OSV
added 2024/11/05 6:15 a.m., 0 views

CVE-2024-7877

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...

CVSS 4.8, AI score 5.8, EPSS 0.0027
Exploits: 1, References: 1

CNNVD
added 2023/12/29 12:0 a.m., 2 views

WordPress Plugin Appointment & Event Booking Calendar Plugin Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 8.8, AI score 6.5, EPSS 0.00147
Exploits: 0, References: 2

CNNVD
added 2021/09/13 12:0 a.m., 2 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Book appointment, which stems from a lack o...

CVSS 4.8, AI score 5.1, EPSS 0.00206
Exploits: 2, References: 1

WPVulnDB
added 2021/08/10 12:0 a.m., 18 views

Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape Service Prices before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: In the admin dashboard navigate to Services Add service and put the...

CVSS 4.8, AI score 1.3, EPSS 0.00206
Exploits: 2, Affected Software: 1