CVE-2026-1704 Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the getitempermissionscheck method granting access to users with the...

CVE-2026-3045 Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: 1 a non-user-bound publicnonce is exposed to unauthenticated users...

CVE-2026-1704

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the getitempermissionscheck method granting access to users with the...

WordPress Appointment Booking Calendar plugin <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability discovered by Muhammad Sharief in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.29...

WordPress Appointment Booking Calendar plugin <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Authenticated Staff+ Sensitive Information Exposure vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.29...

PT-2026-25152

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the get item permissions check method granting access to users with the ssa manage...

WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-1708

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the dbwhereconditions method in the TDDBModel class failing to prevent the appendwheresql paramet...

WordPress Appointment Booking Calendar plugin <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter vulnerability

Unauthenticated SQL Injection via 'appendwheresql' Parameter vulnerability discovered by d.v4ns3c in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.27...

CVE-2026-26884

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/viewappointment.php...

PT-2026-22752

Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view appointment.php...

CVE-2026-2149

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patientid results in cross site scripting. It is possible to...

CVE-2026-2149

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patientid results in cross site scripting. It is possible to...

CVE-2026-2149 SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System appointments.php cross site scripting

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patientid results in cross site scripting. It is possible to...

EUVD-2026-5800

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patientid results in cross site scripting. It is possible to...

CVE-2026-2149

CVE-2026-2149 affects SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System v1.0. The vulnerability is a cross-site scripting (XSS) flaw caused by manipulating the patient_id argument in /appointments.php, enabling remote exploitation. Public exploits exist per the reported e...

SourceCodester Patients Waiting Area Queue Management System 代码注入漏洞

The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a code injection vulnerability. This vulnerability...

PT-2026-6976

Name of the Vulnerable Software and Affected Versions SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0 Description A flaw exists in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0 related to cross site scripting. The iss...

CVE-2025-69315

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.15...

CVE-2025-69315

CVE-2025-69315 concerns the WordPress plugin Simply Schedule Appointments (versions up to and including 1.6.9.15). The issue is described as a Missing Authorization / Broken Access Control vulnerability that allows exploitation of misconfigured access control security levels. Public reports (Word...