Primary

Context

WordPress Appointment Booking Calendar and Scheduling Plugin Unauthenticated Export Vulnerability

Vulnerability

A vulnerability exists in the Appointment Booking Calendar and Scheduling WordPress plugins, prior to version 1.1.23, allowing unauthenticated attackers to access exported settings files. The plugins export data to a public directory using an easily guessable file name, potentially exposing sensitive information if the exported files are present.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data, depending on what information was exported by the plugin.

Remediation

Users are advised to update the Appointment Booking Calendar and Scheduling WordPress plugins to version 1.1.23 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress Appointment Booking Calendar and Scheduling Plugin Unauthenticated Export Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating