Sensitive Information Exposure in Appointment Booking Calendar by WordPress
CVE-2026-12113
4.3 MEDIUM
What is CVE-2026-12113?
The Appointment Booking Calendar plugin for WordPress contains a vulnerability that allows authenticated users with contributor-level access and higher to gain unauthorized access to sensitive customer information. The issue affects all versions of the plugin up to and including 1.4.02. Attackers can potentially extract personally identifiable information (PII) such as customer names, email addresses, phone numbers, and appointment comments via the cpabc_appointments_filter_list functionality, putting user privacy at risk and exposing valuable data.
Affected Version(s)
Appointment Booking Calendar 0 <= 1.4.02