Codepeople Appointment Booking Calendar — known CVE vulnerabilities
Every CVE whose affected-product data names Codepeople Appointment Booking Calendar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2016-10916 — CVSS 9.8 (critical): The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
CVE-2024-0856 — CVSS 8.8 (high): The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to…
CVE-2020-9372 — CVSS 7.8 (high): The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any…
CVE-2015-7319 — CVSS 7.5 (high): SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8…
CVE-2024-12274 — CVSS 7.5 (high): The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to…
CVE-2019-14791 — CVSS 6.1 (medium): The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.
CVE-2020-9371 — CVSS 4.8 (medium): Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar…