VYPR

Schedule

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-22523CriMar 28, 2025
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scheduler Schedule schedule allows Blind SQL Injection.This issue affects Schedule: from n/a through <= 1.0.0.

  • CVE-2024-13891HigMar 13, 2025
    risk 0.46cvss 7.1epss 0.00

    The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin