VYPR
Unrated severityNVD Advisory· Published Sep 13, 2024· Updated Sep 15, 2025

Appointment Booking Calendar < 1.6.7.43 - Admin+ Template Injection to RCE

CVE-2024-7129

Description

The Appointment Booking Calendar WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.