PT-2026-26283 · WordPress · Simply Schedule Appointments Booking Plugin

Momopon1415

·

Publicado

2026-03-19

·

Atualizado

2026-03-23

·

CVE-2026-3658

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Simply Schedule Appointments Booking Plugin for WordPress versions prior to 1.6.10.0
Description The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is susceptible to SQL Injection due to inadequate input sanitization and query preparation. Specifically, the fields parameter is not properly escaped, allowing attackers to inject additional SQL queries into existing database queries. This could allow unauthenticated attackers to extract sensitive information from the database, including usernames, email addresses, and password hashes.
Recommendations Update Simply Schedule Appointments Booking Plugin to version 1.6.10.0 or later.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2026-3658

Produtos afetados

Simply Schedule Appointments Booking Plugin