CVE-2026-1704

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the getitempermissionscheck method granting access to users with the...

WordPress Appointment Booking Calendar plugin <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability discovered by Muhammad Sharief in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.29...

PT-2026-25154

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: 1 a non-user-bound public nonce is exposed to unauthenticated users...

WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...