codepeople appointment_booking_calendar CVE Vulnerabilities (11)

CVEs: 11 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting codepeople appointment_booking_calendar (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 111 of 11 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-46247 Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92. [email protected] 5.3 0.32% 2025-04-22 2026-06-17
CVE-2025-46241 Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92. [email protected] 8.2 0.16% 2025-04-22 2026-06-17
CVE-2024-12274 The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist). [email protected] 7.5 0.62% 2025-01-13 2026-06-17
CVE-2024-0856 The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying. [email protected] 8.8 0.38% 2024-03-20 2026-06-17
CVE-2022-43482 Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. [email protected] 4.3 0.49% 2022-11-18 2026-06-17
CVE-2020-9372 The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection. [email protected] 7.8 8.61% 2020-03-04 2026-06-16
CVE-2020-9371 Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML. [email protected] 4.8 3.59% 2020-03-04 2026-06-16
CVE-2016-10916 The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319. [email protected] 9.8 1.81% 2019-08-22 2026-06-16
CVE-2019-14791 The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. [email protected] 6.1 1.39% 2019-08-09 2026-06-16
CVE-2015-7320 Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. [email protected] 4.3 2.14% 2015-09-29 2026-06-16
CVE-2015-7319 SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username. [email protected] 7.5 2.43% 2015-09-29 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence