Appointment Booking Calendar Simply Schedule Appointments Booking Plugin

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-3658 HIGH This Week

Unauthenticated attackers can exploit SQL injection in the Simply Schedule Appointments Booking Plugin for WordPress (versions up to 1.6.10.0) through the 'fields' parameter to extract sensitive database information including usernames, email addresses, and password hashes. The vulnerability stems from insufficient input escaping and improper SQL query preparation, allowing attackers to inject arbitrary SQL commands without authentication. No patch is currently available.

WordPress PHP SQLi Information Disclosure Appointment Booking Calendar Simply Schedule Appointments Booking Plugin
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-3658
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated attackers can exploit SQL injection in the Simply Schedule Appointments Booking Plugin for WordPress (versions up to 1.6.10.0) through the 'fields' parameter to extract sensitive database information including usernames, email addresses, and password hashes. The vulnerability stems from insufficient input escaping and improper SQL query preparation, allowing attackers to inject arbitrary SQL commands without authentication. No patch is currently available.

WordPress PHP SQLi +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy