Lucene search

Codepeople Appointment Booking Calendar

11 matches found

CVE
added 2020/03/04 7:15 p.m. | 116 views

CVE-2020-9371

Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.

4.8 CVSS | 5 AI score | 0.00428 EPSS

CVE
added 2020/03/04 7:15 p.m. | 115 views

CVE-2020-9372

The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve ...

7.8 CVSS | 8 AI score | 0.18538 EPSS

CVE
added 2024/03/20 5:15 a.m. | 54 views

CVE-2024-0856

The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying.

8.8 CVSS | 8.6 AI score | 0.00154 EPSS

CVE
added 2022/11/18 8:15 p.m. | 53 views

CVE-2022-43482

Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.

8.8 CVSS | 6.4 AI score | 0.00119 EPSS

CVE
added 2025/04/22 10:15 a.m. | 50 views

CVE-2025-46241

Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.

8.8 CVSS | 8.4 AI score | 0.00022 EPSS

CVE
added 2015/09/29 7:59 p.m. | 47 views

CVE-2015-7319

SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.

7.5 CVSS | 9.8 AI score | 0.00417 EPSS

CVE
added 2015/09/29 7:59 p.m. | 47 views

CVE-2015-7320

Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 CVSS | 5.8 AI score | 0.00225 EPSS

CVE
added 2025/04/22 10:15 a.m. | 40 views

CVE-2025-46247

Missing Authorization vulnerability in codepeople Appointment Booking Calendar allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.

9.8 CVSS | 5.3 AI score | 0.00066 EPSS

CVE
added 2019/08/09 2:15 p.m. | 37 views

CVE-2019-14791

The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.

6.1 CVSS | 6 AI score | 0.00243 EPSS

CVE
added 2019/08/22 1:15 p.m. | 35 views

CVE-2016-10916

The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.

9.8 CVSS | 9.5 AI score | 0.00513 EPSS

CVE
added 2025/01/13 6:15 a.m. | 17 views

CVE-2024-12274

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist).

7.5 CVSS | 6.5 AI score | 0.00056 EPSS