Appointment
Monthly
WordPress Appointment theme versions through 3.5.5 suffer from Cross-Site Request Forgery (CSRF) enabling unauthenticated attackers to upload malicious web shells to the server. With CVSS 9.6 (Critical) and a changed scope, successful exploitation grants attackers remote code execution capabilities with high impact to confidentiality, integrity, and availability. EPSS probability is low (0.01%, 1st percentile), and no public exploit identified at time of analysis, though the CSRF-to-RCE chain represents a serious threat requiring immediate patching.
WordPress Appointment theme versions through 3.5.5 suffer from Cross-Site Request Forgery (CSRF) enabling unauthenticated attackers to upload malicious web shells to the server. With CVSS 9.6 (Critical) and a changed scope, successful exploitation grants attackers remote code execution capabilities with high impact to confidentiality, integrity, and availability. EPSS probability is low (0.01%, 1st percentile), and no public exploit identified at time of analysis, though the CSRF-to-RCE chain represents a serious threat requiring immediate patching.