CVE Catalog

CVE-2026-57317

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

The vulnerability allows an unauthenticated attacker to execute XSS scripts in the Simply Schedule Appointments plugin versions up to and including 1.6.12.2.

Risk Assessment

An attacker can inject malicious JavaScript code, leading to session theft, redirects, or website defacement without requiring authentication.

Recommendation

It is recommended to immediately update the plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS