Codepeople Appointment_booking_calendar
11 CVEs affecting Codepeople Appointment_booking_calendar. Latest disclosed: 2025-04-22. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-10916 | Critical | 9.8 | 2019-08-22 | The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319. |
CVE-2024-0856 | High | 8.8 | 2024-03-20 | The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users p… |
CVE-2025-46241 | High | 8.2 | 2025-04-22 | Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects… |
CVE-2020-9372 | High | 7.8 | 2020-03-04 | The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any for… |
CVE-2024-12274 | High | 7.5 | 2025-01-13 | The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, wi… |
CVE-2019-14791 | Medium | 6.1 | 2019-08-09 | The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. |
CVE-2025-46247 | Medium | 5.3 | 2025-04-22 | Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constra… |
CVE-2020-9371 | Medium | 4.8 | 2020-03-04 | Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could all… |
CVE-2022-43482 | Medium | 4.3 | 2022-11-18 | Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. |
CVE-2015-7320 | | 2015-09-29 | Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1… | |
CVE-2015-7319 | | 2015-09-29 | SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows… |