Vulnerabilities
Vulnerable Software
Missing Authorization vulnerability in codepeople Appointment Booking Calendar allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2025-04-22
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.
CVSS Score: 8.2
EPSS Score: 0.0
Published: 2025-04-22
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2022-11-18
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
CVSS Score: 4.8
EPSS Score: 0.004
Published: 2020-03-04
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection.
CVSS Score: 7.8
EPSS Score: 0.037
Published: 2020-03-04
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2019-08-22
The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-08-09
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score: 4.3
EPSS Score: 0.003
Published: 2015-09-29
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.
CVSS Score: 7.5
EPSS Score: 0.006
Published: 2015-09-29

Shodan ® - All rights reserved