6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
24.2%
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
patchstack.com/database/vulnerability/appointment-calendar/wordpress-appointment-calendar-plugin-2-9-6-cross-site-request-forgery-csrf-vulnerability
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/appointment-calendar/appointment-calendar-296-cross-site-request-forgery