High severity7.8NVD Advisory· Published Mar 4, 2020· Updated Jun 17, 2026
CVE-2020-9372
CVE-2020-9372
Description
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Appointment Booking Calendardescription
- Range: <1.3.35
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
- drive.google.com/opennvdExploitThird Party Advisory
- wordpress.org/plugins/appointment-booking-calendar/nvdRelease NotesThird Party Advisory
- www.hotdreamweaver.com/support/view.phpnvdPermissions Required
News mentions
0No linked articles in our index yet.