CVE-2026-7797 | croixhaug Appointment Booking Calendar Plugin up to 1.6.11.8 on WordPress REST Endpoint /appointments/bulk append_where_sql sql injection

A vulnerability identified as critical has been detected in croixhaug Appointment Booking Calendar Plugin up to 1.6.11.8 on WordPress. Affected is an unknown function of the file /appointments/bulk of the component REST Endpoint. Performing a manipulation of the argument append_where_sql results in sql injection.

This vulnerability is known as CVE-2026-7797. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More