4 matches found
CVE-2025-13754
The CVE-2025-13754 entry affects the WordPress plugin Simply Schedule Appointments (Appointment Booking Calendar) up to version 1.6.9.16. Root cause is unauthenticated access to the admin embed endpoint /wp-json/ssa/v1/embed-inner-admin, causing leakage of private configuration data (staff names,...
CVE-2025-13754 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.16. This is due to the plugin exposing its admin embed endpoint at /wp-json/ssa/v1/embed-inner-admin without...
PT-2025-52418
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.16. This is due to the plugin exposing its admin embed endpoint at /wp-json/ssa/v1/embed-inner-admin without...
domainbusinessnames.com XSS vulnerability
Vulnerable URL: http://www.domainbusinessnames.com/utils/UnSubscribeMe.bml?Name=JUSTXSSS=EstrellaWarBirdsNews=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...