Vulnerabilities > Codepeople > Appointment Booking Calendar > 1.1.88
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-22 | CVE-2025-46241 | Cross-Site Request Forgery (CSRF) vulnerability in Codepeople Appointment Booking Calendar Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. | 8.8 |
| 2025-04-22 | CVE-2025-46247 | Missing Authorization vulnerability in Codepeople Appointment Booking Calendar Missing Authorization vulnerability in codepeople Appointment Booking Calendar allows Accessing Functionality Not Properly Constrained by ACLs. | 9.8 |
| 2022-11-18 | CVE-2022-43482 | Missing Authorization vulnerability in Codepeople Appointment Booking Calendar Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. | 8.8 |
| 2020-03-04 | CVE-2020-9372 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Codepeople Appointment Booking Calendar The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. | 7.8 |
| 2020-03-04 | CVE-2020-9371 | Cross-site Scripting vulnerability in Codepeople Appointment Booking Calendar Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. | 4.8 |