The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 via the cpabc_appointments_filter_list. This makes it possible for authenticated attackers, with contributor-level access and above, to extract customer names, email addresses, phone numbers, appointment comments, and other booking personally identifiable information.
Metrics
Affected Vendors & Products
References
History
Wed, 01 Jul 2026 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Codepeople
Codepeople appointment Booking Calendar Wordpress Wordpress wordpress |
|
| Vendors & Products |
Codepeople
Codepeople appointment Booking Calendar Wordpress Wordpress wordpress |
Wed, 01 Jul 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 05:00:00 +0000
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-07-01T10:42:11.567Z
Reserved: 2026-06-12T14:41:49.325Z
Link: CVE-2026-12113
Updated: 2026-07-01T10:33:48.874Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T13:45:02Z