Lucene search
K
CodepeopleAppointment Booking Calendar*

8 matches found

CVE
CVE
added 2020/03/04 6:12 p.m.130 views

CVE-2020-9372

The CVE affects the WordPress plugin Appointment Booking Calendar prior to version 1.3.35. The vulnerability allows any user-supplied input in booking form fields (e.g., Description or Name) to be treated as a formula and exported via the CSV export in the admin bookings list, enabling remote cod...

7.8CVSS8AI score0.08612EPSS
Web
CVE
CVE
added 2020/03/04 6:11 p.m.129 views

CVE-2020-9371

The CVE refers to the WordPress plugin Appointment Booking Calendar (cpabc_appointments.php). A Stored XSS exists in the Calendar Name input, allowing injection of arbitrary JavaScript/HTML in versions prior to 1.3.35. The vulnerability is triggered through normal admin functionality when creatin...

4.8CVSS5AI score0.03591EPSS
CVE
CVE
added 2024/03/20 5:0 a.m.77 views

CVE-2024-0856

Summary: CVE-2024-0856 affects the WordPress plugin “Appointment Booking Calendar” prior to version 1.3.83. The issue is the absence of CSRF checks in certain areas, enabling logged-in users to be induced into performing unwanted actions (e.g., adding a booking without paying). Impact per sources...

8.8CVSS8.6AI score0.00384EPSS
CVE
CVE
added 2022/11/18 7:3 p.m.65 views

CVE-2022-43482

CVE-2022-43482 affects the WordPress Appointment Booking Calendar plugin (versions

8.8CVSS6.4AI score0.00494EPSS
CVE
CVE
added 2025/04/22 9:53 a.m.63 views

CVE-2025-46241

CVE-2025-46241 refers to a CSRF to SQL Injection vulnerability in the WordPress plugin “Appointment Booking Calendar” by codepeople, affecting versions up to 1.3.92. The issue enables CSRF to potentially trigger SQL injection on vulnerable endpoints, with high impact as per CVSS metrics (high con...

8.8CVSS7.3AI score0.0016EPSS
CVE
CVE
added 2025/04/22 9:53 a.m.51 views

CVE-2025-46247

CVE-2025-46247 documents a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin Appointment Booking Calendar by Codepeople, affecting versions up to 1.3.92. The issue allows accessing functionality not properly constrained by ACLs. Public sources (NVD, Red Hat, CVE ...

9.8CVSS7.2AI score0.00322EPSS
CVE
CVE
added 2019/08/22 12:11 p.m.48 views

CVE-2016-10916

CVE-2016-10916 affects the WordPress Appointment Booking Calendar plugin, with SQL injection in versions prior to 1.1.24. The three Red Hat/NVD/CNVD-style entries confirm an unauthenticated SQL injection vulnerability that can allow an attacker to execute arbitrary SQL commands (network access). ...

9.8CVSS9.5AI score0.01815EPSS
CVE
CVE
added 2025/01/13 6:0 a.m.34 views

CVE-2024-12274

The CVE-2024-12274 entry concerns BookingPress (Appointment Booking Calendar Plugin and Scheduling Plugin) for WordPress, affecting versions before 1.1.23. Technical details across connected sources confirm an unauthenticated risk: the Export Settings feature writes data to a publicly accessible ...

7.5CVSS6.5AI score0.00616EPSS