Simply Schedule Appointments

NSquared

Developer

1.6.11.9

Latest version

60,000

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

31 patched

15 Mitigation rules

Cross Site Scripting (XSS) vulnerability
<= 1.6.10.6
6 days ago
Unauthenticated SQL Injection vulnerability
<= 1.6.11.8
6 days ago
Missing Authorization to Unauthenticated Arbitrary Modification vulnerability
<= 1.6.11.8
6 days ago
Unauthenticated Denial of Service vulnerability
<= 1.6.11.5
7 days ago
Unauthenticated Arbitrary Appointment View, Modification and Deletion vulnerability
<= 1.6.10.6
07/05/2026
Sensitive Data Exposure vulnerability
< 1.6.11.2
27/04/2026
SQL Injection vulnerability
<= 1.6.9.27
08/04/2026
SQL Injection vulnerability
<= 1.6.9.27
26/03/2026
Unauthenticated SQL Injection via 'fields' Parameter vulnerability
<= 1.6.10.0
20/03/2026
Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability
<= 1.6.9.29
13/03/2026
Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure vulnerability
<= 1.6.9.29
13/03/2026
Unauthenticated SQL Injection via 'append_where_sql' Parameter vulnerability
<= 1.6.9.27
11/03/2026
Broken Access Control vulnerability
<= 1.6.11.0
26/02/2026
Broken Access Control vulnerability
<= 1.6.9.15
20/01/2026
Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters vulnerability
<= 1.6.9.9
15/01/2026
Unauthenticated Sensitive Information Exposure vulnerability
<= 1.6.9.5
06/01/2026
Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
<= 1.6.9.16
18/12/2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes vulnerability
<= 1.6.8.30
17/06/2025
Unauthenticated Arbitrary Shortcode Execution vulnerability
<= 1.6.8.5
12/03/2025
Reflected Cross-Site Scripting vulnerability
<= 1.6.8.3
06/03/2025
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
<= 1.6.7.53
15/10/2024
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
<= 1.6.7.53
15/10/2024
Admin+ Template Injection to RCE vulnerability
< 1.6.7.43
13/09/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.6.7.14
16/05/2024
Reflected Cross Site Scripting (XSS) vulnerability
<= 1.6.6.20
26/03/2024
Authenticated (Contributor+) SQL Injection via Shortcode vulnerability
<= 1.6.7.7
21/03/2024
Authenticated (Subscriber+) SQL Injection vulnerability
<= 1.6.7.7
21/03/2024
Cross-Site Request Forgery to Plugin Data Reset vulnerability
<= 1.6.6.20
06/03/2024
SQL Injection vulnerability
< 1.6.6.1
21/12/2023
Authenticated Stored Cross-Site Scripting (XSS) vulnerability
<= 1.5.7.6
08/08/2022
Unauthenticated Email Address Disclosure vulnerability
<= 1.5.7.6
08/08/2022