CVE-2026-7493 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.11.5 - Unauthenticated Denial of Service

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

WordPress plugin Appointment Booking and Scheduler Plugin – Truebooker 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-1704

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the getitempermissionscheck method granting access to users with the...

WordPress Appointment Booking Calendar plugin <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter vulnerability

Unauthenticated SQL Injection via 'fields' Parameter vulnerability discovered by momopon1415 in WordPress Plugin Simply Schedule Appointments versions = 1.6.10.0...

EUVD-2020-17047

Malware in sbrugna...

CVE-2024-4288

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible f...

CVE-2024-4288 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible f...

PT-2020-15678 · Etoile Web Design · Etoile Web Design Ultimate Appointment Booking & Scheduling Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin versions 1.1.9 and lower Description: The issue is related to a reflected XSS vulnerability. It occurs because the Appointment ID GET parameter value is not properly...