CVE Catalog
CVE-2026-57317
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk0.18%
8th percentile — higher than 8% of all known CVEs
Summary
The vulnerability allows an unauthenticated attacker to execute XSS scripts in the Simply Schedule Appointments plugin versions up to and including 1.6.12.2.
Risk Assessment
An attacker can inject malicious JavaScript code, leading to session theft, redirects, or website defacement without requiring authentication.
Recommendation
It is recommended to immediately update the plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.

