CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

529 matches found

TrueBooker <= 1.0.2 - SQL Injection

The TrueBooker Appointment Booking and Scheduler Plugin. plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

9.8CVSS6AI score0.03292EPSS

Exploits1References2

EUVD•added yesterday•7 views

EUVD-2026-37980

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score

Exploits0References4

NVD•added 2 days ago•6 views

CVE-2026-12111

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...

4.3CVSS0.00285EPSS

Exploits0References10

EUVD•added 2 days ago•5 views

EUVD-2026-37864

4.3CVSS5.4AI score0.00285EPSS

Exploits0References10

Patchstack•added 3 days ago•5 views

WordPress Appointment Booking Calendar plugin <= 1.4.01 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by ? in WordPress Plugin Appointment Booking Calendar versions = 1.4.01...

4.3CVSS5.3AI score0.00285EPSS

Exploits0References1Affected Software1

NVD•added 5 days ago•8 views

CVE-2016-20084

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

7.2CVSS0.00245EPSS

Exploits0References3

Cvelist•added 5 days ago•32 views

CVE-2016-20084 WordPress appointment-booking-calendar 1.1.24 Privilege Escalation XSS

7.2CVSS0.00245EPSS

Exploits0References3

Vulnrichment•added 5 days ago•6 views

CVE-2016-20084 WordPress appointment-booking-calendar 1.1.24 Privilege Escalation XSS

7.2CVSS5.3AI score0.00245EPSS

Exploits0References3

Positive Technologies•added 5 days ago•8 views

PT-2026-49222

7.2CVSS5.3AI score0.00245EPSS

Exploits0References4

RedhatCVE•added 2026/06/05 7:50 p.m.•7 views

CVE-2026-7089

A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross site scripting. The attack may be initiated...

5.3CVSS3.8AI score0.00377EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:35 p.m.•8 views

CVE-2026-5693

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...

5.3CVSS5.5AI score0.00228EPSS

Exploits0References1

NVD•added 2026/05/28 8:16 a.m.•9 views

CVE-2026-7797

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'appendwheresql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and lac...

7.5CVSS0.00398EPSS

Exploits0References11

CVE•added 2026/05/28 7:43 a.m.•12 views

CVE-2026-6937

The CVE covers the WordPress plugin Simply Schedule Appointments (Appointment Booking Calendar) with versions up to 1.6.11.8. Root cause: Missing authorization on the bulk appointments REST API endpoint, allowing unauthenticated attackers to modify arbitrary appointment records (including custome...

5.3CVSS5.9AI score0.00377EPSS

Exploits0References11

EUVD•added 2026/05/28 6:45 a.m.•8 views

EUVD-2026-32739

7.5CVSS5.8AI score0.00398EPSS

Exploits0References11

Cvelist•added 2026/05/28 6:45 a.m.•32 views

CVE-2026-7797 Appointment Booking Calendar <= 1.6.11.8 - Unauthenticated SQL Injection via 'append_where_sql' Parameter

7.5CVSS0.00398EPSS

Exploits0References11

ATTACKERKB•added 2026/05/28 6:45 a.m.•6 views

CVE-2026-7797

7.5CVSS5.8AI score0.00398EPSS

Exploits0References12

Vulnrichment•added 2026/05/28 6:45 a.m.•7 views

CVE-2026-7797 Appointment Booking Calendar <= 1.6.11.8 - Unauthenticated SQL Injection via 'append_where_sql' Parameter

7.5CVSS5.8AI score0.00398EPSS

Exploits0References11

CVE•added 2026/05/28 6:45 a.m.•16 views

CVE-2026-7797

The CVE covers the WordPress plugin Appointment Booking Calendar – Simply Schedule Appointments . The vulnerability exists in versions up to

7.5CVSS5.8AI score0.00398EPSS

Exploits0References11

CNNVD•added 2026/05/28 12:0 a.m.•7 views

WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.5CVSS5.9AI score0.00398EPSS

Exploits0References11

CNNVD•added 2026/05/28 12:0 a.m.•6 views

WordPress plugin Appointment Booking Calendar 安全漏洞

5.3CVSS5.9AI score0.00377EPSS

Exploits0References11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by