cleantalk
Vulnerabilities and Security Researches

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin, CVE-2025-1119

CVE, Research URL

CVE-2025-1119

Home page URL

Security reports for Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Application

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Published on
Mar 13, 2025
Research Description
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions
Min -, max 1.6.8.7.
Status
vulnerable
Previous vulnerability researches
Ad Blocking Detector (CVE-2025-22732) , Jan 19, 2025
Ad Blocking Detector (CVE-2014-125093) , Jun 06, 2024
New vulnerability
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2024-13887) , Mar 14, 2025
AppPresser – Mobile App Framework (CVE-2025-1561) , Mar 14, 2025
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2025-1119) , Mar 14, 2025
CRM and Lead Management by vcita (CVE-2024-13703) , Mar 14, 2025
WP Recipe Maker (CVE-2025-1503) , Mar 14, 2025