Vulnerabilidades en croixhaug

19 resultados

CVE-2024-2341HIGHAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Subscriber+) SQL InjectionEPSS 0.6%CVE-2024-2342HIGHAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via ShortcodeEPSS 0.6%CVE-2026-6937MEDIUMAppointment Booking Calendar <= 1.6.11.8 - Missing Authorization to Unauthenticated Arbitrary Modification via Bulk Appointments REST API EndpointEPSS 0.6%CVE-2026-7797HIGHAppointment Booking Calendar <= 1.6.11.8 - Unauthenticated SQL Injection via 'append_where_sql' ParameterEPSS 0.6%CVE-2023-2764MEDIUMDraw Attention <= 2.0.11 - Missing Authorization to Arbitrary Post Featured Image ModificationEPSS 0.5%CVE-2025-1119HIGHAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.5%CVE-2026-4807MEDIUMAppointment Booking Calendar <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and DeletionEPSS 0.5%CVE-2026-1708HIGHAppointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' ParameterEPSS 0.4%CVE-2026-7493MEDIUMAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.11.5 - Unauthenticated Denial of ServiceEPSS 0.4%CVE-2024-13431MEDIUMAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site ScriptingEPSS 0.3%CVE-2024-4288MEDIUMAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2025-13754MEDIUMAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information ExposureEPSS 0.3%CVE-2026-3658HIGHAppointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' ParameterEPSS 0.3%CVE-2026-3045HIGHAppointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API EndpointEPSS 0.3%CVE-2025-12166HIGHSimply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` ParametersEPSS 0.3%CVE-2024-1760MEDIUMAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.6.20 - Cross-Site Request Forgery to Plugin Data ResetEPSS 0.3%CVE-2025-4667MEDIUMSimply Schedule Appointments <= 1.6.8.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple ShortcodesEPSS 0.2%CVE-2026-1704MEDIUMAppointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information ExposureEPSS 0.2%CVE-2025-11723MEDIUMAppointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information ExposureEPSS 0.2%