CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22523 – WordPress Schedule Plugin <= 1.0.0 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-22523
17 Mar 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0. The Schedule plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL querie... • https://patchstack.com/database/wordpress/plugin/schedule/vulnerability/wordpress-schedule-plugin-1-0-0-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31084 – WordPress Weekly Class Schedule plugin <= 3.19 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-31084
29 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pulsar Web Design Weekly Class Schedule allows Reflected XSS.This issue affects Weekly Class Schedule: from n/a through 3.19. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Weekly Class Schedule de Pulsar Web Design para WordPress permite el XSS reflejado. Este problema afecta el Weekly Class Schedule: desde n/a hasta 3.19. The W... • https://patchstack.com/database/vulnerability/weekly-class-schedule/wordpress-weekly-class-schedule-plugin-3-19-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22311 – WordPress Simply Schedule Appointments plugin <= 1.6.6.20 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-22311
26 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS.This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en N Squared Simply Schedule Appointments permite el XSS reflejado. Este problema afecta a Simply Schedule Appointments: desde n/a hasta 1.6.6.20. The ... • https://patchstack.com/database/vulnerability/simply-schedule-appointments/wordpress-simply-schedule-appointments-plugin-1-6-6-20-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0249 – Advanced Schedule Posts <= 2.1.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-0249
23 Jan 2024 — The Advanced Schedule Posts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26519 – WordPress Publish to Schedule Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-26519
27 Feb 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.5.4 versions. The Publish to Schedule plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. ... • https://patchstack.com/database/vulnerability/publish-to-schedule/wordpress-publish-to-schedule-plugin-4-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25994 – WordPress Publish to Schedule Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25994
20 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.4.2 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Alex Benfica Publish to Schedule en versiones <= 4.4.2. The Publish to Schedule plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.2. This is due to missing or incorrect nonce validation on the 'pts_options_page' function. This makes it possible for unauthenticated attackers t... • https://patchstack.com/database/vulnerability/publish-to-schedule/wordpress-publish-to-schedule-plugin-4-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24309 – Weekly Schedule < 3.4.3 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24309
12 May 2021 — The "Schedule Name" input in the Weekly Schedule WordPress plugin before 3.4.3 general options did not properly sanitize input, allowing a user to inject javascript code using the