34 matches found
CVE-2026-39495 WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.27...
CVE-2025-11723
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash function due to use of a hardcoded fall-back salt. This makes it possible for...
CVE-2017-20206
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the wpmudevappointments cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this...
CVE-2017-20206
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the wpmudevappointments cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this...
CVE-2017-20206 Appointments <= 2.2.1 - Unauthenticated PHP Object Injection
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the wpmudevappointments cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this...
CVE-2017-20206 Appointments <= 2.2.1 - Unauthenticated PHP Object Injection
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the wpmudevappointments cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this...
CVE-2017-20206
The CVE-2017-20206 entry concerns the WordPress Appointments plugin (versions up to 2.2.1). The vulnerability is a PHP Object Injection via deserialization of untrusted input from the wpmudev_appointments cookie, allowing unauthenticated attackers to inject a PHP object. The documented impact ind...
WordPress plugin Appointments 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
EUVD-2022-51992
Malicious code in bioql PyPI...
EUVD-2023-36493
Malicious code in bioql PyPI...
EUVD-2022-49598
Malicious code in bioql PyPI...
EUVD-2024-16488
Malicious code in bioql PyPI...
EUVD-2022-39136
Malicious code in bioql PyPI...
EUVD-2024-27788
Malicious code in bioql PyPI...
EUVD-2023-55584
Malicious code in bioql PyPI...
CVE-2024-2842
The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eafullcalendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-32511
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin plugin = 1.1.8 versions...
CVE-2022-36424
Cross-Site Request Forgery CSRF vulnerability in Nikola Loncar Easy Appointments plugin = 3.11.9 versions...
CVE-2025-31828 WordPress Easy!Appointments plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery CSRF vulnerability in alextselegidis Easy!Appointments easyappointments allows Cross Site Request Forgery.This issue affects Easy!Appointments: from n/a through = 1.4.2...
WordPress Appointment Booking Calendar plugin <= - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jeewan Kumar Bhatta in WordPress Plugin Simply Schedule Appointments versions = 1.6.7.53...