VYPR

Appointment Booking Calendar

by Codepeople

CVEs (6)

  • CVE-2025-46241HigApr 22, 2025
    risk 0.53cvss 8.2epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.

  • CVE-2025-64261MedNov 13, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.95.

  • CVE-2025-46247MedApr 22, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.

  • CVE-2022-43482Nov 18, 2022
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.

  • CVE-2015-7320Sep 29, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-7319Sep 29, 2015
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.