Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash() function due to use of a hardcoded fall-back salt. This makes it possible for unauthenticated attackers to generate a valid token across sites running the plugin that have not manually set a salt in the wp-config.php file and access booking information that will allow them to make modifications.

Basic Information

ID CVE-2025-11723

Source Wordfence

Published Jan 6, 2026 at 03:21

Affected Product

Vendor croixhaug

Product Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Version *

Affected Versions croixhaug Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin *

CWE Classification

CWE-330

References

{
    "lastseen": "",
    "description": "The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash() function due to use of a hardcoded fall-back salt. This makes it possible for unauthenticated attackers to generate a valid token across sites running the plugin that have not manually set a salt in the wp-config.php file and access booking information that will allow them to make modifications.",
    "published": "2026-01-06T03:21:38.601Z",
    "modified": "2026-01-06T03:21:38.601Z",
    "type": "cve",
    "title": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5f3fbd2-6152-4a89-8fe9-982120d1a640?source=cve\nhttps://plugins.trac.wordpress.org/changeset/3393919/",
    "id": "CVE-2025-11723",
    "bulletinFamily": "",
    "cwe": [
        "CWE-330"
    ],
    "cvelist": null,
    "sourceData": "croixhaug Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin *",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin",
    "version": "*",
    "vendor": "croixhaug",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure_CVE-2025-11723