CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Schedule Appointments (simply-schedule-appointments) allows Blind SQL Injection. This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.27.
Analysis
Blind SQL injection in NSquared Simply Schedule Appointments WordPress plugin versions ≤1.6.9.27 allows authenticated attackers with low-privilege access to extract sensitive database contents and potentially trigger denial-of-service conditions. The vulnerability stems from improper neutralization of SQL special elements in user-controlled input. …
Remediation
Within 24 hours: Disable or deactivate the NSquared Simply Schedule Appointments plugin pending remediation; audit user access logs for the affected plugin versions to identify suspicious database queries. Within 7 days: Contact the plugin vendor for patch availability; if unavailable, evaluate alternative scheduling plugins with current security maintenance. …
EUVD-2026-20160
GHSA-w79w-69fh-fq49