22 vulnerabilities found for appointment_booking_calendar by codepeople
CVE-2025-46247 (GCVE-0-2025-46247)
Vulnerability from nvd – Published: 2025-04-22 09:53 – Updated: 2026-04-28 16:12
Title
WordPress Appointment Booking Calendar plugin <= 1.3.92 - Broken Access Control Vulnerability
Summary
Missing Authorization vulnerability in codepeople Appointment Booking Calendar (appointment-booking-calendar) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Appointment Booking Calendar versions up to and including 1.3.92.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| codepeople | Appointment Booking Calendar | Affected: 0 , ≤ 1.3.92 (custom) |
Date Public
2026-04-01 16:39
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T16:06:03.220517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:06:28.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "appointment-booking-calendar",
"product": "Appointment Booking Calendar",
"vendor": "codepeople",
"versions": [
{
"changes": [
{
"at": "1.3.93",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.92",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "timomangcut | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:39:39.613Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Appointment Booking Calendar: from n/a through \u003c= 1.3.92.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through \u003c= 1.3.92."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:36.985Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/appointment-booking-calendar/vulnerability/wordpress-appointment-booking-calendar-1-3-92-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Appointment Booking Calendar plugin \u003c= 1.3.92 - Broken Access Control Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-46247",
"datePublished": "2025-04-22T09:53:31.891Z",
"dateReserved": "2025-04-22T09:21:43.075Z",
"dateUpdated": "2026-04-28T16:12:36.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-46241 (GCVE-0-2025-46241)
Vulnerability from nvd – Published: 2025-04-22 09:53 – Updated: 2026-04-28 16:12
Title
WordPress Appointment Booking Calendar plugin <= 1.3.92 - CSRF to SQL Injection vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar (appointment-booking-calendar) allows SQL Injection. This issue affects Appointment Booking Calendar versions up to and including 1.3.92.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| codepeople | Appointment Booking Calendar | Affected: 0 , ≤ 1.3.92 (custom) |
Date Public
2026-04-01 16:39
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T16:51:54.800443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:52:09.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "appointment-booking-calendar",
"product": "Appointment Booking Calendar",
"vendor": "codepeople",
"versions": [
{
"changes": [
{
"at": "1.3.93",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.92",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Martino Spagnuolo (r3verii) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:39:39.500Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.\u003cp\u003eThis issue affects Appointment Booking Calendar: from n/a through \u003c= 1.3.92.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through \u003c= 1.3.92."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:36.933Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/appointment-booking-calendar/vulnerability/wordpress-appointment-booking-calendar-plugin-1-3-92-csrf-to-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress Appointment Booking Calendar plugin \u003c= 1.3.92 - CSRF to SQL Injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-46241",
"datePublished": "2025-04-22T09:53:28.272Z",
"dateReserved": "2025-04-22T09:21:32.319Z",
"dateUpdated": "2026-04-28T16:12:36.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12274 (GCVE-0-2024-12274)
Vulnerability from nvd – Published: 2025-01-13 06:00 – Updated: 2025-08-27 12:00
Title
BookingPress < 1.1.23 - Unauthenticated Export File Download
Summary
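The export settings functionality of the Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist). [Note: this record's title names BookingPress and its vendor field is "Unknown", with a 1.1.x version line rather than the 1.3.x line of the other entries; its appearance under codepeople's appointment_booking_calendar may be a product-name match only, so confirm which plugin is installed before triaging.]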
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/e3176c9a-63f3-4a… | exploit, vdb-entry, technical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Appointment Booking Calendar Plugin and Scheduling Plugin | Affected: 0 , < 1.1.23 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-12274",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T14:55:34.840602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T14:55:58.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Appointment Booking Calendar Plugin and Scheduling Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1.23",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T12:00:25.696Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/e3176c9a-63f3-4a28-a8a7-8abb2b4100ef/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "BookingPress \u003c 1.1.23 - Unauthenticated Export File Download",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-12274",
"datePublished": "2025-01-13T06:00:01.193Z",
"dateReserved": "2024-12-05T18:29:09.587Z",
"dateUpdated": "2025-08-27T12:00:25.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0856 (GCVE-0-2024-0856)
Vulnerability from nvd – Published: 2024-03-20 05:00 – Updated: 2024-08-05 18:06
Title
Booking Calendar < 1.3.83 - CSRF appointment scheduling
Summary
The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as adding a booking to the calendar without paying.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/eb383600-0cff-4f… | exploit, vdb-entry, technical-description |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Appointment Booking Calendar | Affected: 0 , < 1.3.83 (semver) | |
| codepeople | appointment_booking_calendar | Affected: 0 , < 1.3.83 (semver) cpe:2.3:a:codepeople:appointment_booking_calendar:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codepeople:appointment_booking_calendar:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "appointment_booking_calendar",
"vendor": "codepeople",
"versions": [
{
"lessThan": "1.3.83",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0856",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T18:02:21.787624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T18:06:03.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Appointment Booking Calendar",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.83",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sushil Phuyal"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T05:00:02.675Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Booking Calendar \u003c 1.3.83 - CSRF appointment scheduling",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-0856",
"datePublished": "2024-03-20T05:00:02.675Z",
"dateReserved": "2024-01-24T11:38:06.130Z",
"dateUpdated": "2024-08-05T18:06:03.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43482 (GCVE-0-2022-43482)
Vulnerability from nvd – Published: 2022-11-18 19:03 – Updated: 2026-04-28 16:07
Title
WordPress Appointment Booking Calendar plugin <= 1.3.69 - Missing Authorization vulnerability
Summary
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodePeople | Appointment Booking Calendar (WordPress plugin) | Affected: <= 1.3.69 , ≤ 1.3.69 (custom) |
Date Public
2022-10-30 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/appointment-booking-calendar/wordpress-appointment-booking-calendar-plugin-1-3-69-missing-authorization-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:20:20.988226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:52:17.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Appointment Booking Calendar (WordPress plugin)",
"vendor": "CodePeople",
"versions": [
{
"lessThanOrEqual": "1.3.69",
"status": "affected",
"version": "\u003c= 1.3.69",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Lana Codes (Patchstack Alliance)"
}
],
"datePublic": "2022-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Appointment Booking Calendar plugin \u003c= 1.3.69 on WordPress."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:50.862Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"url": "https://patchstack.com/database/vulnerability/appointment-booking-calendar/wordpress-appointment-booking-calendar-plugin-1-3-69-missing-authorization-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 1.3.70 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Appointment Booking Calendar plugin \u003c= 1.3.69 - Missing Authorization vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-43482",
"datePublished": "2022-11-18T19:03:50.226Z",
"dateReserved": "2022-10-19T00:00:00.000Z",
"dateUpdated": "2026-04-28T16:07:50.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-9372 (GCVE-0-2020-9372)
Vulnerability from nvd – Published: 2020-03-04 18:12 – Updated: 2024-08-04 10:26
Summary
The Appointment Booking Calendar plugin before 1.3.35 for WordPress accepts arbitrary spreadsheet formulas as user input (in fields such as Description or Name) in any booking form; that input can then be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection when the exported file is opened in a spreadsheet application that evaluates the formula.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/appointment-booking… | x_refsource_MISC |
| https://drive.google.com/open?id=1NNcYPaJir9SleyV… | x_refsource_MISC |
| https://www.hotdreamweaver.com/support/view.php?i… | x_refsource_MISC |
| http://packetstormsecurity.com/files/156694/WordP… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hotdreamweaver.com/support/view.php?id=815925"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T21:06:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hotdreamweaver.com/support/view.php?id=815925"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/appointment-booking-calendar/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"name": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9"
},
{
"name": "https://www.hotdreamweaver.com/support/view.php?id=815925",
"refsource": "MISC",
"url": "https://www.hotdreamweaver.com/support/view.php?id=815925"
},
{
"name": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9372",
"datePublished": "2020-03-04T18:12:31.000Z",
"dateReserved": "2020-02-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:26:16.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9371 (GCVE-0-2020-9371)
Vulnerability from nvd – Published: 2020-03-04 18:11 – Updated: 2024-08-04 10:26
Summary
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/appointment-booking… | x_refsource_MISC |
| https://drive.google.com/open?id=1NNcYPaJir9SleyV… | x_refsource_MISC |
| https://www.hotdreamweaver.com/support/view.php?i… | x_refsource_MISC |
| https://wpvulndb.com/vulnerabilities/10110 | x_refsource_MISC |
| http://packetstormsecurity.com/files/156694/WordP… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hotdreamweaver.com/support/view.php?id=815925"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/10110"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T21:06:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hotdreamweaver.com/support/view.php?id=815925"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/10110"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/appointment-booking-calendar/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"name": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9"
},
{
"name": "https://www.hotdreamweaver.com/support/view.php?id=815925",
"refsource": "MISC",
"url": "https://www.hotdreamweaver.com/support/view.php?id=815925"
},
{
"name": "https://wpvulndb.com/vulnerabilities/10110",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/10110"
},
{
"name": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9371",
"datePublished": "2020-03-04T18:11:35.000Z",
"dateReserved": "2020-02-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:26:16.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10916 (GCVE-0-2016-10916)
Vulnerability from nvd – Published: 2019-08-22 12:11 – Updated: 2024-08-06 03:38
Summary
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/appointment-booking… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:38:56.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T12:11:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/appointment-booking-calendar/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10916",
"datePublished": "2019-08-22T12:11:21.000Z",
"dateReserved": "2019-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:38:56.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14791 (GCVE-0-2019-14791)
Vulnerability from nvd – Published: 2019-08-09 13:32 – Updated: 2024-08-05 00:26
VLAI
Summary
The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wpvulndb.com/vulnerabilities/9426 | x_refsource_MISC |
| https://wordpress.org/plugins/appointment-booking… | x_refsource_MISC |
| https://www.pluginvulnerabilities.com/2019/07/03/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:38.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9426"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pluginvulnerabilities.com/2019/07/03/hackers-look-to-be-targeting-the-wordpress-plugin-appointment-booking-calendar-which-is-yet-another-insecure-plugin-from-code-people/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T08:06:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9426"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pluginvulnerabilities.com/2019/07/03/hackers-look-to-be-targeting-the-wordpress-plugin-appointment-booking-calendar-which-is-yet-another-insecure-plugin-from-code-people/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9426",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9426"
},
{
"name": "https://wordpress.org/plugins/appointment-booking-calendar/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"name": "https://www.pluginvulnerabilities.com/2019/07/03/hackers-look-to-be-targeting-the-wordpress-plugin-appointment-booking-calendar-which-is-yet-another-insecure-plugin-from-code-people/",
"refsource": "MISC",
"url": "https://www.pluginvulnerabilities.com/2019/07/03/hackers-look-to-be-targeting-the-wordpress-plugin-appointment-booking-calendar-which-is-yet-another-insecure-plugin-from-code-people/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14791",
"datePublished": "2019-08-09T13:32:47.000Z",
"dateReserved": "2019-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:26:38.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7320 (GCVE-0-2015-7320)
Vulnerability from nvd – Published: 2015-09-29 19:00 – Updated: 2024-08-06 07:43
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/appointment-booking… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/133743/WordP… | x_refsource_MISC |
| https://wpvulndb.com/vulnerabilities/8199 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/536556/100… | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/536557/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2015-09-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133743/WordPress-Appointment-Booking-Calendar-1.1.7-XSS.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8199"
},
{
"name": "20150926 CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536556/100/0/threaded"
},
{
"name": "20150926 Subject mail: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536557/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133743/WordPress-Appointment-Booking-Calendar-1.1.7-XSS.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8199"
},
{
"name": "20150926 CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536556/100/0/threaded"
},
{
"name": "20150926 Subject mail: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536557/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/"
},
{
"name": "http://packetstormsecurity.com/files/133743/WordPress-Appointment-Booking-Calendar-1.1.7-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133743/WordPress-Appointment-Booking-Calendar-1.1.7-XSS.html"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8199",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8199"
},
{
"name": "20150926 CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536556/100/0/threaded"
},
{
"name": "20150926 Subject mail: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536557/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7320",
"datePublished": "2015-09-29T19:00:00.000Z",
"dateReserved": "2015-09-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:43:46.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7319 (GCVE-0-2015-7319)
Vulnerability from nvd – Published: 2015-09-29 19:00 – Updated: 2024-08-06 07:43
VLAI
Summary
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/appointment-booking… | x_refsource_CONFIRM |
| https://wpvulndb.com/vulnerabilities/8199 | x_refsource_MISC |
| http://packetstormsecurity.com/files/133757/WordP… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/536555/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2015-09-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8199"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.html"
},
{
"name": "20150926 CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536555/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8199"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.html"
},
{
"name": "20150926 CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536555/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8199",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8199"
},
{
"name": "http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.html"
},
{
"name": "20150926 CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536555/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7319",
"datePublished": "2015-09-29T19:00:00.000Z",
"dateReserved": "2015-09-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:43:46.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46247 (GCVE-0-2025-46247)
Vulnerability from cvelistv5 – Published: 2025-04-22 09:53 – Updated: 2026-04-28 16:12
VLAI
Title
WordPress Appointment Booking Calendar plugin <= 1.3.92 - Broken Access Control Vulnerability
Summary
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| codepeople | Appointment Booking Calendar | Affected: 0 , ≤ 1.3.92 (custom) |
Date Public
2026-04-01 16:39
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T16:06:03.220517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:06:28.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "appointment-booking-calendar",
"product": "Appointment Booking Calendar",
"vendor": "codepeople",
"versions": [
{
"changes": [
{
"at": "1.3.93",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.92",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "timomangcut | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:39:39.613Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Appointment Booking Calendar: from n/a through \u003c= 1.3.92.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through \u003c= 1.3.92."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:36.985Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/appointment-booking-calendar/vulnerability/wordpress-appointment-booking-calendar-1-3-92-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Appointment Booking Calendar plugin \u003c= 1.3.92 - Broken Access Control Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-46247",
"datePublished": "2025-04-22T09:53:31.891Z",
"dateReserved": "2025-04-22T09:21:43.075Z",
"dateUpdated": "2026-04-28T16:12:36.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-46241 (GCVE-0-2025-46241)
Vulnerability from cvelistv5 – Published: 2025-04-22 09:53 – Updated: 2026-04-28 16:12
VLAI
Title
WordPress Appointment Booking Calendar plugin <= 1.3.92 - CSRF to SQL Injection vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| codepeople | Appointment Booking Calendar | Affected: 0 , ≤ 1.3.92 (custom) |
Date Public
2026-04-01 16:39
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T16:51:54.800443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:52:09.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "appointment-booking-calendar",
"product": "Appointment Booking Calendar",
"vendor": "codepeople",
"versions": [
{
"changes": [
{
"at": "1.3.93",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.92",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Martino Spagnuolo (r3verii) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:39:39.500Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.\u003cp\u003eThis issue affects Appointment Booking Calendar: from n/a through \u003c= 1.3.92.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through \u003c= 1.3.92."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:36.933Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/appointment-booking-calendar/vulnerability/wordpress-appointment-booking-calendar-plugin-1-3-92-csrf-to-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress Appointment Booking Calendar plugin \u003c= 1.3.92 - CSRF to SQL Injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-46241",
"datePublished": "2025-04-22T09:53:28.272Z",
"dateReserved": "2025-04-22T09:21:32.319Z",
"dateUpdated": "2026-04-28T16:12:36.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12274 (GCVE-0-2024-12274)
Vulnerability from cvelistv5 – Published: 2025-01-13 06:00 – Updated: 2025-08-27 12:00
VLAI
Title
BookingPress < 1.1.23 - Unauthenticated Export File Download
Summary
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist).
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/e3176c9a-63f3-4a… | exploit, vdb-entry, technical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Appointment Booking Calendar Plugin and Scheduling Plugin | Affected: 0 , < 1.1.23 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-12274",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T14:55:34.840602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T14:55:58.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Appointment Booking Calendar Plugin and Scheduling Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1.23",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T12:00:25.696Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/e3176c9a-63f3-4a28-a8a7-8abb2b4100ef/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "BookingPress \u003c 1.1.23 - Unauthenticated Export File Download",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-12274",
"datePublished": "2025-01-13T06:00:01.193Z",
"dateReserved": "2024-12-05T18:29:09.587Z",
"dateUpdated": "2025-08-27T12:00:25.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0856 (GCVE-0-2024-0856)
Vulnerability from cvelistv5 – Published: 2024-03-20 05:00 – Updated: 2024-08-05 18:06
VLAI
Title
Booking Calendar < 1.3.83 - CSRF appointment scheduling
Summary
The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/eb383600-0cff-4f… | exploit, vdb-entry, technical-description |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Appointment Booking Calendar | Affected: 0 , < 1.3.83 (semver) | |
| codepeople | appointment_booking_calendar | Affected: 0 , < 1.3.83 (semver) cpe:2.3:a:codepeople:appointment_booking_calendar:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codepeople:appointment_booking_calendar:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "appointment_booking_calendar",
"vendor": "codepeople",
"versions": [
{
"lessThan": "1.3.83",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0856",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T18:02:21.787624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T18:06:03.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Appointment Booking Calendar",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.83",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sushil Phuyal"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T05:00:02.675Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Booking Calendar \u003c 1.3.83 - CSRF appointment scheduling",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-0856",
"datePublished": "2024-03-20T05:00:02.675Z",
"dateReserved": "2024-01-24T11:38:06.130Z",
"dateUpdated": "2024-08-05T18:06:03.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43482 (GCVE-0-2022-43482)
Vulnerability from cvelistv5 – Published: 2022-11-18 19:03 – Updated: 2026-04-28 16:07
VLAI
Title
WordPress Appointment Booking Calendar plugin <= 1.3.69 - Missing Authorization vulnerability
Summary
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodePeople | Appointment Booking Calendar (WordPress plugin) | Affected: <= 1.3.69 , ≤ 1.3.69 (custom) |
Date Public
2022-10-30 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/appointment-booking-calendar/wordpress-appointment-booking-calendar-plugin-1-3-69-missing-authorization-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:20:20.988226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:52:17.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Appointment Booking Calendar (WordPress plugin)",
"vendor": "CodePeople",
"versions": [
{
"lessThanOrEqual": "1.3.69",
"status": "affected",
"version": "\u003c= 1.3.69",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Lana Codes (Patchstack Alliance)"
}
],
"datePublic": "2022-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Appointment Booking Calendar plugin \u003c= 1.3.69 on WordPress."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:50.862Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"url": "https://patchstack.com/database/vulnerability/appointment-booking-calendar/wordpress-appointment-booking-calendar-plugin-1-3-69-missing-authorization-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 1.3.70 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Appointment Booking Calendar plugin \u003c= 1.3.69 - Missing Authorization vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-43482",
"datePublished": "2022-11-18T19:03:50.226Z",
"dateReserved": "2022-10-19T00:00:00.000Z",
"dateUpdated": "2026-04-28T16:07:50.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-9372 (GCVE-0-2020-9372)
Vulnerability from cvelistv5 – Published: 2020-03-04 18:12 – Updated: 2024-08-04 10:26
Summary
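The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection. In CSV injection the stored formula is evaluated by the spreadsheet application that opens the exported file, so any resulting code execution takes place on the machine of the user who opens the export rather than on the WordPress server.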
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/appointment-booking… | x_refsource_MISC |
| https://drive.google.com/open?id=1NNcYPaJir9SleyV… | x_refsource_MISC |
| https://www.hotdreamweaver.com/support/view.php?i… | x_refsource_MISC |
| http://packetstormsecurity.com/files/156694/WordP… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hotdreamweaver.com/support/view.php?id=815925"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T21:06:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hotdreamweaver.com/support/view.php?id=815925"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/appointment-booking-calendar/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"name": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9"
},
{
"name": "https://www.hotdreamweaver.com/support/view.php?id=815925",
"refsource": "MISC",
"url": "https://www.hotdreamweaver.com/support/view.php?id=815925"
},
{
"name": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9372",
"datePublished": "2020-03-04T18:12:31.000Z",
"dateReserved": "2020-02-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:26:16.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9371 (GCVE-0-2020-9371)
Vulnerability from cvelistv5 – Published: 2020-03-04 18:11 – Updated: 2024-08-04 10:26
Summary
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/appointment-booking… | x_refsource_MISC |
| https://drive.google.com/open?id=1NNcYPaJir9SleyV… | x_refsource_MISC |
| https://www.hotdreamweaver.com/support/view.php?i… | x_refsource_MISC |
| https://wpvulndb.com/vulnerabilities/10110 | x_refsource_MISC |
| http://packetstormsecurity.com/files/156694/WordP… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hotdreamweaver.com/support/view.php?id=815925"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/10110"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T21:06:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hotdreamweaver.com/support/view.php?id=815925"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/10110"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/appointment-booking-calendar/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"name": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9"
},
{
"name": "https://www.hotdreamweaver.com/support/view.php?id=815925",
"refsource": "MISC",
"url": "https://www.hotdreamweaver.com/support/view.php?id=815925"
},
{
"name": "https://wpvulndb.com/vulnerabilities/10110",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/10110"
},
{
"name": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9371",
"datePublished": "2020-03-04T18:11:35.000Z",
"dateReserved": "2020-02-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:26:16.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10916 (GCVE-0-2016-10916)
Vulnerability from cvelistv5 – Published: 2019-08-22 12:11 – Updated: 2024-08-06 03:38
Summary
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/appointment-booking… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:38:56.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T12:11:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/appointment-booking-calendar/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10916",
"datePublished": "2019-08-22T12:11:21.000Z",
"dateReserved": "2019-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:38:56.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14791 (GCVE-0-2019-14791)
Vulnerability from cvelistv5 – Published: 2019-08-09 13:32 – Updated: 2024-08-05 00:26
Summary
The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wpvulndb.com/vulnerabilities/9426 | x_refsource_MISC |
| https://wordpress.org/plugins/appointment-booking… | x_refsource_MISC |
| https://www.pluginvulnerabilities.com/2019/07/03/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:38.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9426"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pluginvulnerabilities.com/2019/07/03/hackers-look-to-be-targeting-the-wordpress-plugin-appointment-booking-calendar-which-is-yet-another-insecure-plugin-from-code-people/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T08:06:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9426"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pluginvulnerabilities.com/2019/07/03/hackers-look-to-be-targeting-the-wordpress-plugin-appointment-booking-calendar-which-is-yet-another-insecure-plugin-from-code-people/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9426",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9426"
},
{
"name": "https://wordpress.org/plugins/appointment-booking-calendar/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/appointment-booking-calendar/#developers"
},
{
"name": "https://www.pluginvulnerabilities.com/2019/07/03/hackers-look-to-be-targeting-the-wordpress-plugin-appointment-booking-calendar-which-is-yet-another-insecure-plugin-from-code-people/",
"refsource": "MISC",
"url": "https://www.pluginvulnerabilities.com/2019/07/03/hackers-look-to-be-targeting-the-wordpress-plugin-appointment-booking-calendar-which-is-yet-another-insecure-plugin-from-code-people/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14791",
"datePublished": "2019-08-09T13:32:47.000Z",
"dateReserved": "2019-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:26:38.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7319 (GCVE-0-2015-7319)
Vulnerability from cvelistv5 – Published: 2015-09-29 19:00 – Updated: 2024-08-06 07:43
Summary
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/appointment-booking… | x_refsource_CONFIRM |
| https://wpvulndb.com/vulnerabilities/8199 | x_refsource_MISC |
| http://packetstormsecurity.com/files/133757/WordP… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/536555/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2015-09-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8199"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.html"
},
{
"name": "20150926 CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536555/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8199"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.html"
},
{
"name": "20150926 CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536555/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8199",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8199"
},
{
"name": "http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.html"
},
{
"name": "20150926 CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536555/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7319",
"datePublished": "2015-09-29T19:00:00.000Z",
"dateReserved": "2015-09-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:43:46.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7320 (GCVE-0-2015-7320)
Vulnerability from cvelistv5 – Published: 2015-09-29 19:00 – Updated: 2024-08-06 07:43
Summary
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/appointment-booking… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/133743/WordP… | x_refsource_MISC |
| https://wpvulndb.com/vulnerabilities/8199 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/536556/100… | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/536557/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2015-09-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133743/WordPress-Appointment-Booking-Calendar-1.1.7-XSS.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8199"
},
{
"name": "20150926 CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536556/100/0/threaded"
},
{
"name": "20150926 Subject mail: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536557/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133743/WordPress-Appointment-Booking-Calendar-1.1.7-XSS.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8199"
},
{
"name": "20150926 CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536556/100/0/threaded"
},
{
"name": "20150926 Subject mail: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536557/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/"
},
{
"name": "http://packetstormsecurity.com/files/133743/WordPress-Appointment-Booking-Calendar-1.1.7-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133743/WordPress-Appointment-Booking-Calendar-1.1.7-XSS.html"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8199",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8199"
},
{
"name": "20150926 CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536556/100/0/threaded"
},
{
"name": "20150926 Subject mail: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536557/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7320",
"datePublished": "2015-09-29T19:00:00.000Z",
"dateReserved": "2015-09-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:43:46.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}