The Appointment Booking Calendar WordPress plugin is vulnerable to time-based blind SQL injection (CVE-2026-7797) via the 'append_where_sql' parameter. Unauthenticated attackers can inject SQL queries through the /appointments/bulk REST endpoint, using a specific request format, to extract sensitive information from the database.