PT-2024-38096 · WordPress · The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Jeewan Kumar Bhatta · Published 2024-09-12 · Updated 2025-09-15 · CVE-2024-7129

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin, versions 1.6.7.42 and earlier

Description

The plugin fails to escape template syntax supplied via user input, leading to Twig Template Injection. High-privilege users such as admins can exploit this further to achieve remote code execution.

Recommendations

For versions prior to 1.6.7.43, update to version 1.6.7.43 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's template syntax functionality to minimize the risk of exploitation.

Related Identifiers

CVE-2024-7129

Affected Products

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin