U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:nsqua:simply_schedule_appointments:1.4.5.0:*:*:*:*:wordpress:*:*
  • CPE Name Search: true
There are 6 matching records.
Displaying matches 1 through 6.
Vuln ID Summary CVSS Severity
CVE-2024-7877

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Published: November 05, 2024; 1:15:05 AM -0500
V4.0:(not available)
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2024-7876

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Published: November 05, 2024; 1:15:05 AM -0500
V4.0:(not available)
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2024-7129

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins

Published: September 13, 2024; 2:15:15 AM -0400
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0:(not available)
CVE-2023-50851

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin.This issue affects Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: from n/a before 1.6.6.1.

Published: December 28, 2023; 7:15:43 AM -0500
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0:(not available)
CVE-2022-2374

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Published: August 29, 2022; 2:15:09 PM -0400
V4.0:(not available)
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-2373

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address

Published: August 29, 2022; 2:15:09 PM -0400
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0:(not available)