CVE-2025-1119

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution

Description

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

INFO

Published Date :

2025-03-13T06:56:56.733Z

Last Modified :

2025-03-13T06:56:56.733Z

Source :

Wordfence

AFFECTED PRODUCTS

The following products are affected by CVE-2025-1119 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-1119.

URL	Resource
https://plugins.trac.wordpress.org/changeset/3250719/simply-schedule-appointments/trunk/booking-app-new/page-appointment-edit.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/1be557db-daa8-4d86-819a-462f29da884b?source=cve

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact