11 matches found
CVE-2020-9372
The CVE affects the WordPress plugin Appointment Booking Calendar prior to version 1.3.35. The vulnerability allows any user-supplied input in booking form fields (e.g., Description or Name) to be treated as a formula and exported via the CSV export in the admin bookings list, enabling remote cod...
CVE-2020-9371
The CVE refers to the WordPress plugin Appointment Booking Calendar (cpabc_appointments.php). A Stored XSS exists in the Calendar Name input, allowing injection of arbitrary JavaScript/HTML in versions prior to 1.3.35. The vulnerability is triggered through normal admin functionality when creatin...
CVE-2024-0856
CVE-2024-0856 affects the WordPress plugin “Appointment Booking Calendar” prior to version 1.3.83. The issue is the absence of CSRF checks in certain areas, enabling logged-in users to be induced into performing unwanted actions (e.g., adding a booking without paying). Impact per sources...
CVE-2015-7319
CVE-2015-7319 affects the WordPress plugin “Appointment Booking Calendar” prior to version 1.1.8. The vulnerability is a SQL injection in cpabc_appointments_admin_int_calendar_list.inc.php that allows remote attackers to execute arbitrary SQL commands via vectors related to updating the username....
CVE-2015-7320
CVE-2015-7320 documents multiple reflected XSS vulnerabilities in the WordPress plugin Appointment Booking Calendar, specifically in the file cpabc_appointments_admin_int_bookings_list.inc.php. Affected version: 1.1.7 (WordPress DWBooster’s Appointment Booking Calendar). The root cause is lack o...
CVE-2022-43482
CVE-2022-43482 affects the WordPress Appointment Booking Calendar plugin (versions
CVE-2025-46241
CVE-2025-46241 refers to a CSRF to SQL Injection vulnerability in the WordPress plugin “Appointment Booking Calendar” by codepeople, affecting versions up to 1.3.92. The issue enables CSRF to potentially trigger SQL injection on vulnerable endpoints, with high impact as per CVSS metrics (high con...
CVE-2025-46247
CVE-2025-46247 documents a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin Appointment Booking Calendar by Codepeople, affecting versions up to 1.3.92. The issue allows accessing functionality not properly constrained by ACLs. Public sources (NVD, Red Hat, CVE ...
CVE-2019-14791
CVE-2019-14791 affects the WordPress plugin Appointment Booking Calendar (version 1.3.18). The vulnerability is an XSS in the wp-admin/admin-post.php editionarea parameter via the cpabc_appointments_save_edition() flow, caused by lack of authorization checks for cfwpp_edit values (e.g., js or css...
CVE-2016-10916
CVE-2016-10916 affects the WordPress Appointment Booking Calendar plugin, with SQL injection in versions prior to 1.1.24. The three Red Hat/NVD/CNVD-style entries confirm an unauthenticated SQL injection vulnerability that can allow an attacker to execute arbitrary SQL commands (network access). ...
CVE-2024-12274
The CVE-2024-12274 entry concerns BookingPress (Appointment Booking Calendar Plugin and Scheduling Plugin) for WordPress, affecting versions before 1.1.23. Technical details across connected sources confirm an unauthenticated risk: the Export Settings feature writes data to a publicly accessible ...