Appointment Booking Calendar
by Codepeople
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-46241 | Hig | 0.53 | 8.2 | 0.00 | Apr 22, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92. | ||
| CVE-2025-64261 | Med | 0.35 | 5.4 | 0.00 | Nov 13, 2025 | Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.95. | ||
| CVE-2025-46247 | Med | 0.34 | 5.3 | 0.00 | Apr 22, 2025 | Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92. | ||
| CVE-2022-43482 | 0.00 | — | 0.00 | Nov 18, 2022 | Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. | |||
| CVE-2015-7320 | 0.00 | — | 0.02 | Sep 29, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-7319 | 0.00 | — | 0.02 | Sep 29, 2015 | SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username. |
- risk 0.53cvss 8.2epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.95.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
- CVE-2022-43482Nov 18, 2022risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
- CVE-2015-7320Sep 29, 2015risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2015-7319Sep 29, 2015risk 0.00cvss —epss 0.02
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.