cleantalk
Vulnerabilities and Security Researches

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin, CVE-2024-7129

CVE, Research URL

CVE-2024-7129

Home page URL

Security reports for Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Application

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Published on
Sep 13, 2024
Research Description
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins
Affected versions
Min -, max 1.6.7.43.
Status
vulnerable
Previous vulnerability researches
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-7129) , Sep 15, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-7877) , Oct 17, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-7876) , Oct 17, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-22311) , Jun 07, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-4288) , Jun 07, 2024
New vulnerability
YaySMTP – Simple WP SMTP Mail (CVE-2025-47587) , May 09, 2025
CookieCode (CVE-2025-47668) , May 09, 2025
Cool Author Box – For Widget and Post Content (CVE-2025-47447) , May 09, 2025
Photo Gallery, Images, Slider in Rbs Image Gallery (CVE-2025-47521) , May 09, 2025
Awesome Gallery (CVE-2025-47632) , May 09, 2025