VYPR

Simply Schedule Appointments

by WordPress

CVEs (21)

  • CVE-2024-2342 | High | Apr 9, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack…

  • CVE-2024-2341 | High | Apr 9, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2026-39495 | High | Apr 8, 2026
    risk 0.55 | cvss 8.5 | epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection. This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.27.

  • CVE-2026-39493 | Critical | Jun 15, 2026
    risk 0.53 | cvss 9.3 | epss 0.00

    Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions.

  • CVE-2026-3045 | High | Mar 13, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-bound `public_nonce` is exposed…

  • CVE-2023-50851 | High | Dec 28, 2023
    risk 0.49 | cvss 7.6 | epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin. This issue affects Appointment Booking Calendar — Simply Schedule Appointments Booking…

  • CVE-2024-22311 | High | Mar 27, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS. This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20.

  • CVE-2026-42384 | High | Jun 15, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions.

  • CVE-2026-7797 | High | May 28, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'append_where_sql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user…

  • CVE-2025-69315 | Medium | Jan 22, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.15.

  • CVE-2025-1119 | High | Mar 13, 2025
    risk 0.40 | cvss 7.3 | epss 0.01

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to execute an action that does not…

  • CVE-2026-39447 | High | Jun 15, 2026
    risk 0.39 | cvss 7.1 | epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.

  • CVE-2026-4807 | Medium | May 7, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the nonce_permissions_check() method combined with the public exposure of a site-wide reusable…

  • CVE-2025-11723 | Medium | Jan 6, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash() function due to use of a hardcoded fall-back salt. This makes it…

  • CVE-2025-4667 | Medium | Jun 14, 2025
    risk 0.35 | cvss 6.4 | epss 0.00

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ssa_admin_upcoming_appointments, ssa_admin_upcoming_appointments, and ssa_past_appointments shortcodes in all…

  • CVE-2026-6937 | Medium | May 28, 2026
    risk 0.27 | cvss 5.3 | epss 0.01

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via…

  • CVE-2026-7493 | Medium | May 27, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint (/wp-json/ssa/v1/async) that calls…

  • CVE-2025-13754 | Medium | Dec 19, 2025
    risk 0.27 | cvss 5.3 | epss 0.00

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.16. This is due to the plugin exposing its admin embed endpoint at…

  • CVE-2024-1760 | Medium | Mar 6, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssa_factory_reset()…

  • CVE-2022-2373 | Aug 29, 2022
    risk 0.01 | cvss (none listed) | epss 0.01

    The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress user details such as name and email address.

Page 1 of 2