The Appointment Booking Calendar WordPress plugin was affected by a Multiple Reflected Cross-Site Scripting (XSS) and SQL Injection security vulnerability.
packetstormsecurity.com/files/133743/