VYPR

Smart Appointment Booking

by WordPress

Source repositories

CVEs (2)

  • CVE-2026-0742MedFeb 4, 2026
    risk 0.42cvss 6.4epss 0.00

    The Smart Appointment & Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saab_save_form_data AJAX action in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2026-5693MedMay 12, 2026
    risk 0.34cvss 5.3epss 0.00

    The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saab_cancel_booking() function in all versions up to, and including, 1.0.8. The nonce check uses &&…