Jeewan Kumar Bhatta

**Name of the Vulnerable Software and Affected Versions** The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin versions prior to 1.6.7.55 **Description** The issue is related to the lack of sanitization and escaping of some Appointment Type settings in the plugin, which could allow high-privilege users, such as admins, to perform Cross-Site Scripting attacks, even when unfiltered html is disallowed. **Recommendations** For versions prior to 1.6.7.55, update to version 1.6.7.55 or later to resolve the issue. As a temporary workaround, consider restricting access to the Appointment Type settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin versions prior to 1.6.7.55 **Description** The issue is related to the lack of sanitization and escaping of some Notification settings in the plugin, which could allow high privilege users, such as admins, to perform Cross-Site Scripting attacks even when unfiltered html is disallowed. **Recommendations** For versions prior to 1.6.7.55, update to version 1.6.7.55 or later to resolve the issue. As a temporary workaround, consider restricting access to the Notification settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin version 1.6.7.42 and earlier **Description** The issue is related to the failure to escape template syntax provided via user input, leading to Twig Template Injection. This can be further exploited to result in remote code execution by high-privilege users such as admins. **Recommendations** For versions prior to 1.6.7.43, update to version 1.6.7.43 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's template syntax functionality to minimize the risk of exploitation.