The Appointment Booking Calendar WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/00ad9b1a-97a5-425f-841e-ea48f72ecda4/ | Exploit Third Party Advisory |
Configurations
History
22 Aug 2025, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) The Appointment Booking Calendar WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins |
27 Sep 2024, 18:26
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:nsqua:simply_schedule_appointments:*:*:*:*:*:wordpress:*:* | |
| CWE | NVD-CWE-Other | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
| First Time |
Nsqua
Nsqua simply Schedule Appointments |
|
| References | () https://wpscan.com/vulnerability/00ad9b1a-97a5-425f-841e-ea48f72ecda4/ - Exploit, Third Party Advisory |
13 Sep 2024, 14:35
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-09-13 06:15
Updated : 2025-08-22 09:15
NVD link : CVE-2024-7129
Mitre link : CVE-2024-7129
CVE.ORG link : CVE-2024-7129
JSON object : View
Products Affected
nsqua
- simply_schedule_appointments
CWE