Codepeople: >> Appointment Booking Calendar >> 1.3.40 Security Vulnerabilities
Missing Authorization vulnerability in codepeople Appointment Booking Calendar allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-04-22
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.
CVSS Score
8.2
EPSS Score
0.0
Published
2025-04-22
The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-03-20
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-11-18