浏览 24+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39694 | WordPress Simply Schedule Appointments plugin <= 1.6.10.2 - Broken Access Control vulnerability | NSquared | Simply Schedule Appointments | - | - | 2026-04-08 08:30:46 | Deep Dive |
| CVE-2026-39495 | WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability | NSquared | Simply Schedule Appointments | - | - | 2026-04-08 08:30:12 | Deep Dive |
| CVE-2026-3658 | Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-19 11:15:31 | Deep Dive |
| CVE-2026-3045 | Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-13 07:23:39 | Deep Dive |
| CVE-2026-1704 | Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 4.3 | 2026-03-13 07:23:39 | Deep Dive |
| CVE-2026-1708 | Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-11 07:36:25 | Deep Dive |
| CVE-2025-69315 | WordPress Simply Schedule Appointments plugin <= 1.6.9.15 - Broken Access Control vulnerability | NSquared | Simply Schedule Appointments | - | - | 2026-01-22 16:52:32 | Deep Dive |
| CVE-2025-12166 | Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-01-14 22:23:51 | Deep Dive |
| CVE-2025-11723 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.5 | 2026-01-06 03:21:39 | Deep Dive |
| CVE-2025-13754 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 5.3 | 2025-12-19 06:48:22 | Deep Dive |
| CVE-2025-4667 | Simply Schedule Appointments <= 1.6.8.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.4 | 2025-06-14 09:23:34 | Deep Dive |
| CVE-2025-1119 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.3 | 2025-03-13 06:56:57 | Deep Dive |
| CVE-2024-13431 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site Scripting | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.1 | 2025-03-07 08:21:28 | Deep Dive |
| CVE-2024-7877 | Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS | Unknown | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | - | - | 2024-11-05 06:00:08 | Deep Dive |
| CVE-2024-7876 | Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS | Unknown | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | - | - | 2024-11-05 06:00:07 | Deep Dive |
| CVE-2024-7129 | Appointment Booking Calendar < 1.6.7.43 - Admin+ Template Injection to RCE | Unknown | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | - | - | 2024-09-13 06:00:04 | Deep Dive |
| CVE-2024-4288 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.4 | 2024-05-16 11:05:29 | Deep Dive |
| CVE-2024-2341 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Subscriber+) SQL Injection | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 8.8 | 2024-04-09 18:59:30 | Deep Dive |
| CVE-2024-2342 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 8.8 | 2024-04-09 18:58:31 | Deep Dive |
| CVE-2024-22311 | WordPress Simply Schedule Appointments plugin <= 1.6.6.20 - Reflected Cross Site Scripting (XSS) vulnerability | N Squared | Simply Schedule Appointments | High | 7.1 | 2024-03-27 05:40:14 | Deep Dive |