[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxWmNc4dq6PRwk52WquQluIurTF6Atm59pDERF7CCaVc":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":22},"CVE-2024-7129","appointment-booking-calendar-simply-schedule-appointments-booking-plugin-authenticated-admin-remote-code-execution","Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin \u003C= 1.6.7.42 - Authenticated (Admin+) Remote Code Execution","The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.6.7.42 via Twig Template Injection. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.","simply-schedule-appointments",null,"\u003C=1.6.7.42","1.6.7.43","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","2024-08-23 00:00:00","2024-10-04 15:57:24",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbb6f3607-d44f-452a-b3ad-55f036033480?source=api-prod",43,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsimply-schedule-appointments%2Ftags%2F1.6.7.42&new_path=%2Fsimply-schedule-appointments%2Ftags%2F1.6.7.43"]