Appointment Booking Calendar
Approved changes feed: RSS · Atom
cpe:2.3:a:codepeople:appointment_booking_calendar:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Codepeople (f85d1a73-9b3f-50b5-b09d-cd136586594b) |
|---|---|
| Product | Appointment Booking Calendar (5fab8f5b-af66-55df-92b1-37ac117688d0) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wp-plugins/appointment-booking-calendar |
purl2cpe | 2026-06-01 10:10:56.713012 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-64261 |
vulnerable | 2026-06-03 15:09:37.617556 |
WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability
MEDIUM (5.4)
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.95.
Published: 2025-11-13T09:24:27.476Z
Updated: 2026-04-28T16:14:12.817Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-46247 |
vulnerable | 2026-06-03 15:01:19.335885 |
WordPress Appointment Booking Calendar plugin <= 1.3.92 - Broken Access Control Vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
Published: 2025-04-22T09:53:31.891Z
Updated: 2026-04-28T16:12:36.985Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-46241 |
vulnerable | 2026-06-03 15:01:19.315807 |
WordPress Appointment Booking Calendar plugin <= 1.3.92 - CSRF to SQL Injection vulnerability
HIGH (8.2)
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
Published: 2025-04-22T09:53:28.272Z
Updated: 2026-04-28T16:12:36.933Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-13317 |
vulnerable | 2026-06-03 14:58:45.886281 |
Appointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter
MEDIUM (5.3)
The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint (cpabc_appointments_check_IPN_verification) that trusts attacker-supplied payment notifications without verifying their origin, authenticity, or requiring proper authorization checks. This makes it possible for unauthenticated attackers to arbitrarily confirm bookings and insert them into the live calendar via the 'cpabc_ipncheck' parameter, triggering administrative and customer notification emails and disrupting operations.
Published: 2025-11-22T07:29:18.875Z
Updated: 2026-04-08T16:57:22.135Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.