cleantalk
Vulnerabilities and Security Researches

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin, CVE-2025-1119

CVE, Research URL

CVE-2025-1119

Home page URL

Security reports for Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Application

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Published on
Mar 13, 2025
Research Description
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions
Min -, max 1.6.8.7.
Status
vulnerable
Previous vulnerability researches
FTP Sync – Theme, Media & Plugin Files (CVE-2025-28892) , Mar 13, 2025
New vulnerability
LoginPress | wp-login Custom Login Page Customizer (CVE-2025-1764) , Mar 15, 2025
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1620) , Mar 14, 2025
Hide My WP Ghost – Security Plugin (CVE-2025-2056) , Mar 14, 2025
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2024-13887) , Mar 14, 2025
AppPresser – Mobile App Framework (CVE-2025-1561) , Mar 14, 2025