Codepeople: >> Appointment Booking Calendar >> 1.1.27 Security Vulnerabilities
Missing Authorization vulnerability in codepeople Appointment Booking Calendar allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-04-22
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.
CVSS Score
8.2
EPSS Score
0.0
Published
2025-04-22
The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-03-20
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-11-18
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
CVSS Score
4.8
EPSS Score
0.004
Published
2020-03-04
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection.
CVSS Score
7.8
EPSS Score
0.037
Published
2020-03-04