CVE-2025-1119

Name of the Vulnerable Software and Affected Versions: Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress versions up to 1.6.8.5

Description: The issue arises from the software's failure to properly validate a value before executing do shortcode, allowing unauthenticated attackers to execute arbitrary shortcodes. This is due to the software permitting users to execute an action without correct validation.

Recommendations: For versions up to 1.6.8.5, update to a version later than 1.6.8.5 to resolve the issue. As a temporary workaround, consider restricting access to the do shortcode function until a patch is available.