The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 via the cpabc_appointments_filter_list. This makes it possible for authenticated attackers, with contributor-level access and above, to extract customer names, email addresses, phone numbers, appointment comments, and other booking personally identifiable information.
Metrics
Affected Vendors & Products
References
History
Wed, 01 Jul 2026 05:00:00 +0000
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-07-01T04:32:26.135Z
Reserved: 2026-06-12T14:41:49.325Z
Link: CVE-2026-12113
No data.
No data.
No data.
OpenCVE Enrichment
No data.