PT-2026-1398 · WordPress · Simply Schedule Appointments Booking Plugin

Lucas Montes · Published 2026-01-06 · Updated 2026-01-08 · CVE-2025-11723

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Simply Schedule Appointments Booking Plugin versions prior to 1.6.9.6

Description

The Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin for WordPress is susceptible to sensitive information exposure due to the use of a hardcoded fall-back salt within the hash() function. This allows unauthenticated attackers to generate a valid token on sites utilizing the plugin that haven’t manually configured a salt in the wp-config.php file. Successful exploitation enables access to booking information, potentially allowing attackers to make modifications.

Recommendations

Update the Simply Schedule Appointments Booking Plugin to version 1.6.9.6 or later. Manually set a salt in the wp-config.php file to prevent the use of the hardcoded fall-back salt.
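A check for the second recommendation, as an added example that is not part of the advisory or the plugin: it statically scans a wp-config.php for salts that are missing, left at the sample placeholder, or short. Assumptions: the constants checked are the standard WordPress key and salt names (the advisory does not name the one the plugin reads), the 32-character floor is chosen here, and the sample configuration is constructed.

```python
import re
import sys

# Assumption: the standard WordPress key/salt constants. The advisory does not
# name the constant the plugin reads, so pass `required` to narrow the check.
SALT_CONSTANTS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
                  "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_LENGTH = 32  # floor chosen for this example

# define('NAME', 'value'); at the start of a line, so `//` and `#` lines are skipped.
DEFINE_RE = re.compile(
    r"""^\s*define\s*\(\s*(['"])(?P<name>\w+)\1\s*,\s*(['"])(?P<value>.*?)\3\s*\)\s*;""",
    re.MULTILINE)

# Constructed sample, not taken from any real site.
SAMPLE = r"""<?php
/** Constructed wp-config.php fragment. */
define( 'AUTH_KEY',        'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'x9#Lq2@Vt7!Rm4$Zc8%Nb1^Hs6&Jd3*Wf5(Yg0)Pk' );
// define( 'AUTH_SALT',    'x9#Lq2@Vt7!Rm4$Zc8%Nb1^Hs6&Jd3*Wf5(Yg0)Pk' );
define('NONCE_SALT', 'short');
"""

def audit_wp_config(text, required=SALT_CONSTANTS):
    """Return {constant: problem} for salts that are missing or weak."""
    # Drop /* ... */ blocks that open at the start of a line (commented-out defines).
    text = re.sub(r"(?ms)^\s*/\*.*?\*/", "", text)
    defined = {}
    for m in DEFINE_RE.finditer(text):
        defined.setdefault(m["name"], m["value"])  # PHP keeps the first define()
    problems = {}
    for name in required:
        value = defined.get(name)
        if value is None:
            problems[name] = "not defined"
        elif value.strip().lower() == PLACEHOLDER:
            problems[name] = "sample placeholder"
        elif len(value) < MIN_LENGTH:
            problems[name] = "shorter than %d chars" % MIN_LENGTH
    return problems

if __name__ == "__main__":
    source = SAMPLE  # pass a wp-config.php path as the first argument to audit a file
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.read()
    for name, problem in audit_wp_config(source).items():
        print(f"{name}: {problem}")
```

This is a static read of the file only; salts defined through includes or environment lookups are reported as not defined and need a manual look.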

Fix

Use of Insufficiently Random Values


Weakness Enumeration

Related identifiers

CVE-2025-11723

Affected products

Simply Schedule Appointments Booking Plugin