| CVE-2026-5234 | LatePoint <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.3 | 2026-04-17 03:36:45 | Deep Dive |
| CVE-2026-4785 | LatePoint <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.4 | 2026-04-08 03:36:09 | Deep Dive |
| CVE-2026-3658 | Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-19 11:15:31 | Deep Dive |
| CVE-2026-3045 | Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-13 07:23:39 | Deep Dive |
| CVE-2026-1704 | Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 4.3 | 2026-03-13 07:23:39 | Deep Dive |
| CVE-2026-1708 | Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-11 07:36:25 | Deep Dive |
| CVE-2026-2324 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.1 | 2026-03-11 01:22:04 | Deep Dive |
| CVE-2026-1487 | LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.5 | 2026-03-03 01:21:51 | Deep Dive |
| CVE-2026-1566 | LatePoint <= 5.2.7 - Authenticated (Agent+) Privilege Escalation | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 8.8 | 2026-03-02 23:22:56 | Deep Dive |
| CVE-2025-14873 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request Forgery | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 4.3 | 2026-02-14 06:42:27 | Deep Dive |
| CVE-2026-1932 | Appointment Booking Calendar Plugin <= 1.0.2 - Missing Authorization to Unauthenticated Arbitrary Appointment Status Modification | bssoftware | Appointment Booking Calendar Plugin – Bookr | Medium | 5.3 | 2026-02-14 05:54:12 | Deep Dive |
| CVE-2026-1537 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.3 | 2026-02-12 02:23:25 | Deep Dive |
| CVE-2026-0617 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Unauthenticated Stored Cross-Site Scripting | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 7.2 | 2026-02-03 06:38:02 | Deep Dive |
| CVE-2025-12166 | Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-01-14 22:23:51 | Deep Dive |
| CVE-2025-14657 | Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.2 | 2026-01-09 07:22:13 | Deep Dive |
| CVE-2025-5919 | Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification | arraytics | Timetics – Appointment Booking & Scheduling | Medium | 6.5 | 2026-01-06 08:21:50 | Deep Dive |
| CVE-2025-11723 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.5 | 2026-01-06 03:21:39 | Deep Dive |
| CVE-2025-13754 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 5.3 | 2025-12-19 06:48:22 | Deep Dive |
| CVE-2025-7038 | LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 8.2 | 2025-09-30 04:27:08 | Deep Dive |
| CVE-2025-7052 | LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 8.8 | 2025-09-30 04:27:08 | Deep Dive |