cleantalk
Vulnerabilities and Security Researches

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin, CVE-2022-2374

CVE, Research URL

CVE-2022-2374

Home page URL

Security reports for Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Application

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Published on
Aug 29, 2022
Research Description
The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions
Min -, max 1.5.7.7.
Status
vulnerable
Previous vulnerability researches
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-7129) , Sep 15, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-7877) , Oct 17, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-7876) , Oct 17, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-22311) , Jun 07, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-4288) , Jun 07, 2024
New vulnerability
EventON (CVE-2025-47494) , May 09, 2025
Email Notification on Login (CVE-2025-47622) , May 09, 2025
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2025-3468) , May 09, 2025
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2025-4208) , May 09, 2025
WP Maintenance (CVE-2025-47683) , May 09, 2025