CVE-2025-12166 | Appointment Booking Calendar Plugin up to 1.6.9.9 on WordPress order/append_where_sql sql injection

Inserito da Angelo Barbosa | Gen 14, 2026 | CVE

A vulnerability was found in Appointment Booking Calendar Plugin up to 1.6.9.9 on WordPress. It has been declared as critical. Impacted is an unknown function. Such manipulation of the argument order/append_where_sql leads to sql injection.

This vulnerability is referenced as CVE-2025-12166. It is possible to launch the attack remotely. No exploit is available.

CVE-2025-12166 | Appointment Booking Calendar Plugin up to 1.6.9.9 on WordPress order/append_where_sql sql injection

Post correlati

CVE-2024-5589 | Netentsec NS-ASG Application Security Gateway 6.3 config_MT.php Mid sql injection

CVE-2024-10184 | StreamWeasels Kick Integration Plugin up to 1.1.1 on WordPress Shortcode sw-kick-embed cross site scripting

CVE-2024-21499 | greenpau caddy-security X-Forwarded-Proto http headers for scripting syntax (Issue 270)

CVE-2024-8757 | Boost Your Blogs Engagement with WP Post Author up to 3.8.1 on WordPress sql injection