PT-2026-2964 · WordPress · Simply Schedule Appointments Booking Plugin

Angus Girvan

Publicado

2026-01-14

Atualizado

2026-01-15

CVE-2025-12166

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Simply Schedule Appointments Booking Plugin for WordPress versions prior to 1.6.9.9

Description The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is susceptible to a blind SQL injection issue. This is due to inadequate escaping of user-supplied parameters and insufficient preparation of existing SQL queries. Specifically, the order and append where sql parameters are vulnerable. This allows unauthenticated attackers to append additional SQL queries to existing queries, potentially extracting sensitive information from the database.

Recommendations Update to a version newer than 1.6.9.9

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2025-12166

Produtos afetados

Simply Schedule Appointments Booking Plugin

PT-2026-2964 · WordPress · Simply Schedule Appointments Booking Plugin

CVE-2025-12166

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6