Appointment Booking Calendar
Approved changes feed: RSS · Atom
cpe:2.3:a:codepeople:appointment_booking_calendar:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Codepeople (f85d1a73-9b3f-50b5-b09d-cd136586594b) |
|---|---|
| Product | Appointment Booking Calendar (5fab8f5b-af66-55df-92b1-37ac117688d0) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wp-plugins/appointment-booking-calendar |
purl2cpe | 2026-06-01 10:10:56.735091 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-46247 |
vulnerable | 2026-06-03 15:01:19.335926 |
WordPress Appointment Booking Calendar plugin <= 1.3.92 - Broken Access Control Vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
Published: 2025-04-22T09:53:31.891Z
Updated: 2026-04-28T16:12:36.985Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-46241 |
vulnerable | 2026-06-03 15:01:19.316830 |
WordPress Appointment Booking Calendar plugin <= 1.3.92 - CSRF to SQL Injection vulnerability
HIGH (8.2)
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
Published: 2025-04-22T09:53:28.272Z
Updated: 2026-04-28T16:12:36.933Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12274 |
vulnerable | 2026-06-03 14:54:15.981773 |
BookingPress < 1.1.23 - Unauthenticated Export File Download
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist).
Published: 2025-01-13T06:00:01.193Z
Updated: 2025-08-27T12:00:25.696Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0856 |
vulnerable | 2026-06-03 14:54:04.340864 |
Booking Calendar < 1.3.83 - CSRF appointment scheduling
The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying.
Published: 2024-03-20T05:00:02.675Z
Updated: 2024-08-05T18:06:03.929Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-43482 |
vulnerable | 2026-06-03 14:48:14.357200 |
WordPress Appointment Booking Calendar plugin <= 1.3.69 - Missing Authorization vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
Published: 2022-11-18T19:03:50.226Z
Updated: 2026-04-28T16:07:50.862Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-9372 |
vulnerable | 2026-06-03 14:43:13.419058 |
Details available
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection.
Published: 2020-03-04T18:12:31.000Z
Updated: 2024-08-04T10:26:16.042Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-9371 |
vulnerable | 2026-06-03 14:43:13.418605 |
Details available
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
Published: 2020-03-04T18:11:35.000Z
Updated: 2024-08-04T10:26:16.042Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-10916 |
vulnerable | 2026-06-03 14:35:29.932508 |
Details available
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
Published: 2019-08-22T12:11:21.000Z
Updated: 2024-08-06T03:38:56.847Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-7320 |
vulnerable | 2026-06-03 14:35:08.440042 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2015-09-29T19:00:00.000Z
Updated: 2024-08-06T07:43:46.126Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-7319 |
vulnerable | 2026-06-03 14:35:08.439616 |
Details available
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.
Published: 2015-09-29T19:00:00.000Z
Updated: 2024-08-06T07:43:46.135Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.