Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Vulnerabilities 27Slug simply-schedule-appointmentsLatest version 1.6.11.3WordPress.org →

Minimum safe version

1.6.11.2

Update to 1.6.11.2 or later to address 27 fixable vulnerabilities

Latest available1.6.11.3
N/A
2026-04-27< 1.6.11.2

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin < 1.6.11.2 - Unauthenticated Sensitive Information Exposure

WordfenceCVE
N/A
2026-04-08< 1.6.9.29

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.27 - Unauthenticated SQL Injection

WordfenceCVE
N/A
2026-03-10< 1.6.9.29

Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter

WordfenceCVE
N/A
2026-03-12< 1.6.10.0

Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure

WordfenceCVE
N/A
2026-03-12< 1.6.10.0

Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint

WordfenceCVE
N/A
2026-03-18< 1.6.10.2

Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter

WordfenceCVE
Medium 6.5
2026-01-22< 1.6.9.17

CVE-2025-69315

CVEWordfence
Medium 6.5
2026-01-06< 1.6.9.6

CVE-2025-11723

CVEWordfence
Medium 5.3
2025-12-19< 1.6.9.17

CVE-2025-13754

CVEWordfence
Medium 6.4
2025-06-14< 1.6.8.32

Simply Schedule Appointments <= 1.6.8.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes

EUVDWordfenceCVE
High 7.3
2025-03-13< 1.6.8.7

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution

EUVDWordfenceCVE
High 7.6
2024-12-21< 1.6.6.1

WordPress Simply Schedule Appointments Plugin < 1.6.6.1 is vulnerable to SQL Injection

PatchstackCVEWordfenceWPScan