cleantalk
Vulnerabilities and Security Researches

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin, CVE-2024-4288

CVE, Research URL

CVE-2024-4288

Home page URL

Security reports for Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Application

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Published on
May 16, 2024
Research Description
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.6.7.18.
Status
vulnerable
Previous vulnerability researches
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-7129) , Sep 15, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-7877) , Oct 17, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-7876) , Oct 17, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-22311) , Jun 07, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-4288) , Jun 07, 2024
New vulnerability
Graphina – Elementor Charts and Graphs (CVE-2025-47480) , May 09, 2025
Graphina – Elementor Charts and Graphs (CVE-2025-47533) , May 09, 2025
Simple Giveaways – Grow your business, email lists and traffic with contests (CVE-2025-47606) , May 09, 2025
Supertext Translation and Proofreading (CVE-2025-47639) , May 09, 2025
Quran multilanguage Text & Audio (CVE-2025-47524) , May 09, 2025