3 matches found
CVE-2024-2342
CVE-2024-2342 affects the WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments (plugin slug: simply-schedule-appointments). The vulnerability is an SQL Injection via the customer_id parameter in shortcode contexts, exploitable by authenticated attackers with contributor ac...
CVE-2024-2342 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customerid parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...
WordPress Simply Schedule Appointments Plugin <= 1.6.7.7 is vulnerable to SQL Injection
Software Simply Schedule Appointments Type Plugin Vulnerable versions = 1.6.7.7 Fixed in 1.6.7.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2342 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 36408cb83a66 Credits Krzysztof Zając Required privileg...