2 matches found
WordPress Appointment Booking Calendar plugin <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter vulnerability
Unauthenticated SQL Injection via 'fields' Parameter vulnerability discovered by momopon1415 in WordPress Plugin Simply Schedule Appointments versions = 1.6.10.0...
CVE-2026-3658 Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...