cleantalk
Vulnerabilities and Security Researches

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin, CVE-2026-39495

CVE, Research URL

CVE-2026-39495

Home page URL

Security reports for Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Application

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Published on
Apr 08, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.27.
Affected versions
max 1.6.9.29.
Status
vulnerable
Previous vulnerability researches
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-7129) , Sep 15, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-7877) , Oct 17, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2024-7876) , Oct 17, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2026-3658) , Apr 13, 2026
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2026-3045) , Apr 13, 2026
New vulnerability
Export WP Page to Static HTML/CSS (CVE-2026-24574) , May 27, 2026
Team Showcase (CVE-2025-62745) , May 27, 2026
wpForo Forum (CVE-2026-42682) , May 27, 2026
Auto Affiliate Links (CVE-2026-24592) , May 27, 2026
Autoship Cloud for WooCommerce Subscription Products (CVE-2026-24527) , May 27, 2026