CVE-2026-12111
- EPSS 0.29%
- Published 18.06.2026 06:50:06
- Last modified 18.06.2026 06:50:06
The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabc_appointme...
CVE-2025-13317
- EPSS 0.24%
- Published 22.11.2025 07:29:18
- Last modified 15.04.2026 00:35:42
The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint (cpabc_appointments_check_IPN...
CVE-2025-64261
- EPSS 0.17%
- Published 13.11.2025 09:24:27
- Last modified 27.04.2026 16:16:38
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Appointment Booking Calendar: from n/a through <= 1...
CVE-2025-46247
- EPSS 0.32%
- Published 22.04.2025 09:53:31
- Last modified 23.04.2026 15:29:56
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
CVE-2025-46241
- EPSS 0.16%
- Published 22.04.2025 09:53:28
- Last modified 23.04.2026 15:29:56
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
CVE-2024-12274
- EPSS 0.62%
- Published 13.01.2025 06:15:10
- Last modified 08.05.2025 19:37:55
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported...
CVE-2024-0856
- EPSS 0.38%
- Published 20.03.2024 05:15:45
- Last modified 05.05.2025 18:41:08
The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without p...
CVE-2022-43482
- EPSS 0.49%
- Published 18.11.2022 20:15:10
- Last modified 21.11.2024 07:26:34
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
CVE-2020-9371
- EPSS 3.59%
- Published 04.03.2020 19:15:13
- Last modified 21.11.2024 05:40:30
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
CVE-2020-9372
- EPSS 8.61%
- Published 04.03.2020 19:15:13
- Last modified 21.11.2024 05:40:30
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cp...