Browse 70+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-25435 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.36 - Cross Site Scripting (XSS) vulnerability | wpdevart | Booking calendar, Appointment Booking System | High | 7.1 | 2026-03-25 16:14:49 | Deep Dive |
| CVE-2026-3658 | Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-19 11:15:31 | Deep Dive |
| CVE-2026-3045 | Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-13 07:23:39 | Deep Dive |
| CVE-2026-1704 | Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 4.3 | 2026-03-13 07:23:39 | Deep Dive |
| CVE-2026-1708 | Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-11 07:36:25 | Deep Dive |
| CVE-2026-1932 | Appointment Booking Calendar Plugin <= 1.0.2 - Missing Authorization to Unauthenticated Arbitrary Appointment Status Modification | bssoftware | Appointment Booking Calendar Plugin – Bookr | Medium | 5.3 | 2026-02-14 05:54:12 | Deep Dive |
| CVE-2026-1083 | Appointment Hour Booking – Booking Calendar <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration | codepeople | Appointment Hour Booking – Booking Calendar | Medium | 4.4 | 2026-01-28 05:30:19 | Deep Dive |
| CVE-2025-12166 | Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-01-14 22:23:51 | Deep Dive |
| CVE-2025-5919 | Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification | arraytics | Timetics – Appointment Booking & Scheduling | Medium | 6.5 | 2026-01-06 08:21:50 | Deep Dive |
| CVE-2025-11723 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.5 | 2026-01-06 03:21:39 | Deep Dive |
| CVE-2025-13754 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 5.3 | 2025-12-19 06:48:22 | Deep Dive |
| CVE-2025-67574 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.30 - Broken Access Control vulnerability | wpdevart | Booking calendar, Appointment Booking System | Medium | 5.3 | 2025-12-09 14:14:14 | Deep Dive |
| CVE-2025-13317 | Appointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter | codepeople | Appointment Booking Calendar | Medium | 5.3 | 2025-11-22 07:29:19 | Deep Dive |
| CVE-2025-64261 | WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability | codepeople | Appointment Booking Calendar | Medium | 5.4 | 2025-11-13 09:24:27 | Deep Dive |
| CVE-2025-12633 | Booking Calendar \| Appointment Booking \| Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Stripe Connection | stellarwp | Bookit — Booking & Appointment Calendar | High | 7.5 | 2025-11-12 07:27:41 | Deep Dive |
| CVE-2025-12788 | Hydra Booking – All in One Appointment Booking System \| Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Missing Payment Verification to Unauthenticated Payment Bypass | themefic | Hydra Booking — Appointment Scheduling & Booking Calendar | Medium | 5.3 | 2025-11-11 11:03:46 | Deep Dive |
| CVE-2025-12787 | Hydra Booking – All in One Appointment Booking System \| Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation | themefic | Hydra Booking — Appointment Scheduling & Booking Calendar | Medium | 5.3 | 2025-11-11 11:03:45 | Deep Dive |
| CVE-2025-7689 | Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback Function | themefic | Hydra Booking – All in One Appointment Booking System \| Appointment Scheduling, Booking Calendar & WooCommerce Bookings | High | 8.8 | 2025-07-29 09:23:46 | Deep Dive |
| CVE-2025-6814 | Booking X 1.0 - 1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via export_now() Function | dunskii | Booking X – Appointment and Reservation Availability Calendar | High | 7.5 | 2025-07-04 01:44:04 | Deep Dive |
| CVE-2025-4667 | Simply Schedule Appointments <= 1.6.8.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.4 | 2025-06-14 09:23:34 | Deep Dive |