CVE-2025-46241

Name of the Vulnerable Software and Affected Versions codepeople Appointment Booking Calendar versions 1.3.92 and earlier

Description The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows SQL Injection in the codepeople Appointment Booking Calendar.

Recommendations For versions 1.3.92 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to sensitive username and password variables in the affected API endpoints until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation.