Appointment Booking Calendar WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability allowing sensitive information exposure has been identified in the Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin for WordPress, affecting all versions through 1.6.9.5. The issue arises from the hash() function's use of a hardcoded fallback salt, which enables unauthenticated attackers to generate valid tokens across different sites using the plugin. This is possible on sites that have not manually set a salt in the wp-config.php file, potentially allowing unauthorized access to booking information and the ability to make modifications.
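The flaw class described above, as an added PHP sketch that is not the plugin's code: a token derivation that falls back to a constant shipped in the source, next to one that generates and persists a per-site secret. The `salt` config key, the `token_secret` option key, the function names and the placeholder fallback string are assumptions made for illustration.

```php
<?php
// Added illustration. Every name here (the 'salt' config key, the option key,
// the placeholder fallback string, the function names) is hypothetical.
const SHIPPED_FALLBACK = 'PLACEHOLDER-CONSTANT-IN-PLUGIN-SOURCE';

// Weak: an unconfigured site silently uses a constant that every install shares.
function weak_token(array $site, string $bookingId): string {
    $salt = $site['config']['salt'] ?? SHIPPED_FALLBACK;
    return hash_hmac('sha256', $bookingId, $salt);
}

// Hardened: no shared fallback. A site without a configured salt generates a
// random secret once and persists it ('options' stands in for the database).
function site_secret(array &$site): string {
    if (!empty($site['config']['salt'])) {
        return $site['config']['salt'];
    }
    if (empty($site['options']['token_secret'])) {
        $site['options']['token_secret'] = bin2hex(random_bytes(32));
    }
    return $site['options']['token_secret'];
}

function strong_token(array &$site, string $bookingId): string {
    return hash_hmac('sha256', $bookingId, site_secret($site));
}

function verify_token(array &$site, string $bookingId, string $token): bool {
    // hash_equals() compares in constant time.
    return hash_equals(strong_token($site, $bookingId), $token);
}

// Constructed sample: two independent sites, neither with a salt configured.
$siteA = ['config' => [], 'options' => []];
$siteB = ['config' => [], 'options' => []];
$id = 'booking-1001';

// Weak scheme: both sites derive the same token from the shared constant.
printf("weak token identical on both sites: %s\n",
    var_export(weak_token($siteA, $id) === weak_token($siteB, $id), true));

// Hardened scheme: each site has its own secret, so a token does not transfer.
$tokenA = strong_token($siteA, $id);
printf("site A accepts its own token: %s\n", var_export(verify_token($siteA, $id, $tokenA), true));
printf("site B accepts site A's token: %s\n", var_export(verify_token($siteB, $id, $tokenA), true));
```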

Impact

Exploitation of this vulnerability could give attackers unauthorized access to booking information and let them make unauthorized modifications.

Remediation

Users are advised to update the Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin to version 1.6.9.6 or a newer patched version.

Added: Jan 6, 2026, 4:28 AM
Updated: Jan 6, 2026, 4:28 AM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 0.6
exploitability: 7.6
remediation: 7.7
relevance: 1.9
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.