CVE-2025-4667
Published
CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ssa_admin_upcoming_appointments, ssa_admin_upcoming_appointments, and ssa_past_appointments shortcodes in all versions up to, and including, 1.6.8.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
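The check a site owner would run against this advisory, as an added example that is not part of the advisory or the plugin's code: it tests whether an installed version falls in the affected range and flags uses of the named shortcodes whose attribute values contain markup-significant characters. The advisory does not name the affected attributes, so the attribute name `example_attr`, the sample posts and the heuristic pattern are constructed assumptions.

```python
import re

# Shortcode names and version bound are taken from the advisory text.
AFFECTED_SHORTCODES = ("ssa_admin_upcoming_appointments", "ssa_past_appointments")
LAST_AFFECTED = "1.6.8.30"  # "up to, and including"

SHORTCODE_RE = re.compile(r"\[(%s)\b([^\]]*)\]" % "|".join(AFFECTED_SHORTCODES))
# Shortcode attributes: name="value", name='value' or name=value.
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")
# Assumed heuristic: characters or tokens that plain attribute values
# (numbers, slugs, dates) do not need but HTML/JS contexts interpret.
SUSPICIOUS_RE = re.compile(r"""[<>"'`]|\bon\w+\s*=|javascript:""", re.IGNORECASE)


def version_tuple(version):
    """Parse a purely numeric dotted version such as '1.6.8.30'."""
    return tuple(int(part) for part in version.split("."))


def is_affected_version(installed):
    return version_tuple(installed) <= version_tuple(LAST_AFFECTED)


def audit_posts(posts):
    """Return (post_id, author_role, shortcode, attr, value) per attribute to review."""
    findings = []
    for post in posts:
        for sc in SHORTCODE_RE.finditer(post["content"]):
            for attr in ATTR_RE.finditer(sc.group(2)):
                value = next(g for g in attr.groups()[1:] if g is not None)
                if SUSPICIOUS_RE.search(value):
                    findings.append(
                        (post["id"], post["author_role"], sc.group(1), attr.group(1), value)
                    )
    return findings


# Constructed sample rows standing in for wp_posts content; `example_attr`
# is a placeholder attribute name, not one documented by the plugin.
SAMPLE_POSTS = [
    {"id": 101, "author_role": "editor",
     "content": "Intro [ssa_past_appointments] outro"},
    {"id": 102, "author_role": "author",
     "content": '[ssa_admin_upcoming_appointments example_attr="5"]'},
    {"id": 103, "author_role": "contributor",
     "content": '[ssa_past_appointments example_attr="<b>bold</b>"]'},
    {"id": 104, "author_role": "contributor",
     "content": '[ssa_booking example_attr="<b>bold</b>"]'},  # not a named shortcode
]

if __name__ == "__main__":
    print("1.6.8.30 affected:", is_affected_version("1.6.8.30"))
    for finding in audit_posts(SAMPLE_POSTS):
        print("review:", finding)
```

A finding marks a post for manual review rather than proving injection; posts authored at contributor level, the lowest role the advisory names, are the ones to look at first.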
<p><strong>Simply Schedule Appointments® is an easy-to-use WordPress appointment booking plugin.</strong> It’s an automated appointment booking system loved by 70,000+ businesses, with a 5-star review average.</p>
<p>The Simply Schedule Appointments booking calendars are easy and fast to set up. And enjoyable for your customers and clients to book and schedule appointments. <strong>You can set up the appointment scheduling calendars to take your first booking in less than 5 minutes!</strong></p>
<p>And, the best part is that our 5-star support team is here to help you each step of the way, either through our comprehensive and organized <a href="https://simplyscheduleappointments.com/help-center/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=help-center" rel="nofollow ugc">Help Center</a>, here on the <a href="https://wordpress.org/support/plugin/simply-schedule-appointments/#new-topic-0" rel="ugc">WordPress Forums</a>, or directly from the Simply Schedule Appointments <a href="https://simplyscheduleappointments.com/guides/support-tools/" rel="nofollow ugc">Support Tab</a> within the plugin.</p>
<h4>Booking System Features to Help You Schedule Business Meeting Appointments</h4>
<p>Features included with the Simply Schedule Appointments Free Basic Edition for booking appointments:</p>
<ul>
<li><a href="https://simplyscheduleappointments.com/guides/appointment-type-settings/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=unlimited-booking-calendars" rel="nofollow ugc">Unlimited Booking Calendars</a> and <a href="https://simplyscheduleappointments.com/guides/email-notifications/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=customizable-notifications" rel="nofollow ugc">Customizable Notifications</a></li>
<li>Use <a href="https://simplyscheduleappointments.com/guides/advanced-scheduling-options/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=advanced-scheduling-options" rel="nofollow ugc">Advanced Scheduling Options</a> and <a href="https://simplyscheduleappointments.com/guides/blackout-dates/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=blackout-dates" rel="nofollow ugc">Blackout Dates</a> to highly tailor your schedule</li>
<li>Embed the appointment booking calendars using the Block Editor, <a href="https://simplyscheduleappointments.com/elementor-appointment-booking/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=elementor" rel="nofollow ugc">Elementor widgets</a>, <a href="https://simplyscheduleappointments.com/beaver-builder-appointment-scheduling/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=beaver-builder" rel="nofollow ugc">Beaver Builder modules</a>, and <a href="https://simplyscheduleappointments.com/integrations/divi-booking-widgets/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=divi" rel="nofollow ugc">Divi modules</a></li>
<li><a href="https://simplyscheduleappointments.com/guides/custom-styles?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=custom-styles" rel="nofollow ugc">Style and Customize the Booking Calendars</a> to match your brand and website</li>
<li><a href="https://simplyscheduleappointments.com/guides/translating-simply-schedule-appointments/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=translating-ssa" rel="nofollow ugc">Translation-ready</a> – including Spanish, German, French, and more!</li>
<li>Deeply connected with WordPress, including integrations for the <a href="https://simplyscheduleappointments.com/guides/the-events-calendar-setup/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=the-events-calendar" rel="nofollow ugc">The Events Calendar</a> plugin, <a href="https://simplyscheduleappointments.com/guides/wp-fusion-automations/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=wp-fusion" rel="nofollow ugc">WP Fusion Automations</a>, and more!</li>
</ul>
<p>Features included with the Simply Schedule Appointments Paid Premium Editions for booking appointments:</p>
<ul>
<li><a href="https://simplyscheduleappointments.com/guides/capacity-and-group-bookings/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=capacity-and-group-booking" rel="nofollow ugc">Group or class event booking</a> – Book time slots up to a certain capacity</li>
<li><a href="https://simplyscheduleappointments.com/guides/booking-flows/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=booking-flows" rel="nofollow ugc">Booking Flows</a> – Choose from a selection of booking steps and layouts</li>
<li><a href="https://simplyscheduleappointments.com/guides/syncing-google-calendar/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=google-calendar" rel="nofollow ugc">Google Calendar Sync</a> – Allow your site’s booking system to check your personal calendar for conflicts and customize those <a href="https://simplyscheduleappointments.com/guides/customize-calendar-events/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=customize-calendar-events" rel="nofollow ugc">calendar events</a></li>
<li><a href="https://simplyscheduleappointments.com/guides/setup-team-booking/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=team-booking" rel="nofollow ugc">Team booking</a> – Allow your staff to receive bookings and customize their own schedules</li>
<li><a href="https://simplyscheduleappointments.com/guides/start-here-resource-booking/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=resource-booking" rel="nofollow ugc">Resource booking</a> – Schedule meeting rooms, rental items and things such as bikes or tables, or set max occupancies</li>
<li><a href="https://simplyscheduleappointments.com/integrations/mailchimp/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=mailchimp" rel="nofollow ugc">Mailchimp</a> – Automatically add users as new contacts to your audience from the booking form</li>
<li><a href="https://simplyscheduleappointments.com/guides/payments-setting-up-stripe/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=stripe" rel="nofollow ugc">Stripe</a> and <a href="https://simplyscheduleappointments.com/guides/paypal-payments/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=paypal" rel="nofollow ugc">PayPal</a> for <a href="https://simplyscheduleappointments.com/guides/adding-payments-to-appointment-types/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=payments" rel="nofollow ugc">Payments</a> – Instantly get paid for your time and expertise</li>
<li><a href="https://simplyscheduleappointments.com/guides/sms-notifications/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=sms-twilio" rel="nofollow ugc">Twilio for SMS</a> notifications and reminders</li>
<li><a href="https://simplyscheduleappointments.com/integrations/gravity-forms/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=gravity-forms" rel="nofollow ugc">Gravity Forms</a> and <a href="https://simplyscheduleappointments.com/integrations/formidable-forms/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=formidable-forms" rel="nofollow ugc">Formidable Forms</a> Integration – Create complex booking forms</li>
<li><a href="https://simplyscheduleappointments.com/guides/zoom/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=zoom" rel="nofollow ugc">Zoom</a> and <a href="https://simplyscheduleappointments.com/guides/google-meet/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=google-meet" rel="nofollow ugc">Google Meet</a> for virtual meetings</li>
<li><a href="https://simplyscheduleappointments.com/guides/conversion-tracking/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=conversion-tracking" rel="nofollow ugc">Google Analytics and Tag Manager tracking</a> enabled to count booking form conversions</li>
<li><a href="https://simplyscheduleappointments.com/guides/webhooks/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=webhooks" rel="nofollow ugc">Trigger Webhooks</a> for appointment actions and connect to Zapier</li>
<li><a href="https://simplyscheduleappointments.com/guides/ics-subscription-feed/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=ics-feed" rel="nofollow ugc">ICS Subscription Feeds</a> – Sync your personal calendar applications to all incoming bookings.</li>
</ul>
<p>Simply Schedule Appointments is perfect if you want to let your customers schedule phone calls, in-person or virtual video meetings, or <a href="https://simplyscheduleappointments.com/scheduling-for-coaches/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=coaches" rel="nofollow ugc">coaching appointments</a>. The perfect tool for business consultations, interviews, or scheduling services.</p>
<p>You can tame and automate your schedule and easily manage when you’re available for appointments. And block off dates when you don’t want to be disturbed for bookings — no more phone calls or back-and-forth emails to find a meeting time that works. Simply let your <a href="https://simplyscheduleappointments.com/wordpress-booking-plugin/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=wp-booking-plugin" rel="nofollow ugc">WordPress booking system</a> take care of it!</p>
<p>Easily limit how many daily appointments you schedule and set the minimum time between bookings. Automate your schedule while still maintaining control of your availability — manage your booking calendars, time slots, and appointments all in one place.</p>
<p>Offer different types of appointment calendars for your services. For example, you could allow new clients to schedule on an introduction call calendar or let established customers schedule a longer time slot with a separate calendar. And, forget about double-bookings, Simply Schedule Appointments is capable of preventing unexpected scheduling problems!</p>
<p>Are you looking to offer tutoring or remote teaching classes? Let your students quickly book times with you for lessons, reviews, or simple consultations. Localized time zones make meetings for distance learning and remote office hours a breeze to schedule.</p>
<p>Simply Schedule Appointments contains all the data from your appointments and customers within your WordPress site. Own your data and be fully <a href="https://simplyscheduleappointments.com/guides/gdpr-and-privacy-faq/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=gdpr" rel="nofollow ugc">GDPR-compliant</a> and make it easier for your booking system to achieve <a href="https://simplyscheduleappointments.com/guides/hipaa-capable/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=hipaa" rel="nofollow ugc">HIPAA compliance</a>.</p>
<p><a href="https://simplyscheduleappointments.com/help-center/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=help-center" rel="nofollow ugc">Complete documentation to start booking appointments today is available on our website.</a></p>
<h4>Getting Started with the WordPress Booking Calendars is Easy</h4>
<p>Use the built-in <a href="https://simplyscheduleappointments.com/guides/after-the-setup-wizard/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=setup-wizard" rel="nofollow ugc">Setup Wizard</a> to create your first <a href="https://simplyscheduleappointments.com/guides/appointment-type-settings/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=appointment-type" rel="nofollow ugc">Appointment Type</a> in under 5 minutes. Next, just embed the booking calendar on your site using our general booking shortcode <code>[ssa_booking]</code> or our native WordPress editor block.</p>
<h4>Who This Booking System is For</h4>
<p>Simply Schedule Appointments is ideal for anyone who needs to automate and book appointments with clients and customers, including booking for:</p>
<ul>
<li><strong>Client Meeting Booking</strong> — Entrepreneurs, Web developers, Consultants, <a href="https://simplyscheduleappointments.com/scheduling-for-coaches/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=coaches" rel="nofollow ugc">Personal and Business Coaches</a>, <a href="https://simplyscheduleappointments.com/scheduling-for-lawyers/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=lawyers" rel="nofollow ugc">Lawyers</a>, Car Dealers, Real Estate, <a href="https://simplyscheduleappointments.com/demo-sites/scheduling-for-agencies-2/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=agencies" rel="nofollow ugc">Agencies</a></li>
<li><strong>Event Booking</strong> — Wedding coordinators, Dress Shops, Boutiques, Workshop Teachers, Food Truck Lots</li>
<li><strong>Class Lessons or Tutor Scheduling</strong> — <a href="https://simplyscheduleappointments.com/scheduling-for-personal-trainers/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=personal-trainers" rel="nofollow ugc">Personal trainers</a>, <a href="https://simplyscheduleappointments.com/scheduling-for-yoga-studios/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=yoga-studios" rel="nofollow ugc">Yoga studios</a>, Exercise Studios, Language / ESL Tutors, Dance Studios, Fitness Professionals, Music Teacher, Instructors, Professors</li>
<li><strong>Service Booking</strong> — <a href="https://simplyscheduleappointments.com/scheduling-for-handyman-services/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=handyman" rel="nofollow ugc">Handyman Services</a>, Contractors, <a href="https://simplyscheduleappointments.com/demo-sites/scheduling-for-hairstylist/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=hairstylist-barbers" rel="nofollow ugc">Hair Salons, Barbershops</a>, Photographers, Tattoo Shops, <a href="https://simplyscheduleappointments.com/demo-sites/scheduling-for-mobile-notaries/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=notaries" rel="nofollow ugc">Notaries</a>, Tax Preparations, Home Inspections</li>
<li><strong>Visitor Booking</strong> — Bakeries, Restaurants, Museums, Retirement Homes, Curbside Pickup</li>
<li><strong>Patient Booking</strong> — Nutritionists, Vaccination Appointments, Chiropractors, Physical Therapists, Pharmacy Prescription Pickups</li>
<li><strong>Simple Reservations</strong> — Equipment Rentals, Room Reservations, Table Reservations for Restaurants, Office Reservations</li>
</ul>
<p>Simply Schedule Appointments offers an excellent experience for your customers who need to book appointments. Our <a href="https://simplyscheduleappointments.com/wordpress-booking-plugin/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=wp-booking-plugin" rel="nofollow ugc">WordPress booking plugin</a> has just the features you need without all the extra bloat and needless settings found in other appointment booking plugins. And our UI is snappy, highly responsive, and a joy to use.</p>
<h4>Flexible, Fast, and Powerful Booking Calendars</h4>
<p>Other appointment scheduling plugins are either too simple or too complicated. They lack the <a href="https://simplyscheduleappointments.com/features/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=features" rel="nofollow ugc">basic features</a> you need to start automating your schedule and booking appointments, or, if they do have those features, as you grow and add services, staff, and locations, they become complex and confusing to use for booking.</p>
<p><a href="https://simplyscheduleappointments.com/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=ssa" rel="nofollow ugc">Simply Schedule Appointments</a> is ready to grow with your business’ booking needs — without all the confusion and clutter of settings that don’t apply to you. It’s also highly compatible with WordPress and can be added to any theme and page layout on your site.</p>
<p>Simply Schedule Appointments offers <a href="https://simplyscheduleappointments.com/demos/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=demos" rel="nofollow ugc">fully responsive booking calendars</a> and works efficiently on any device – even touch screens. Our WordPress booking plugin will work dependably and reliably, whether you’re managing your appointment availability from your tablet or your customer is booking an appointment from their smartphone.</p>
<h4>User-Friendly and Accessible Booking System</h4>
<p>Our WordPress booking calendar system was designed with people in mind, first and foremost. So we’re always thinking about how people will be using our appointment scheduling plugin, what they’ll expect, and what booking features they’ll want and need.</p>
<p>This WordPress booking calendar system is built with you and your customer in mind and is accessible for everyone. We believe appointment scheduling should be as clear and straightforward as possible while maintaining the flexibility and booking features our customers need.</p>
<p>We’ve made sure that everyone can use our appointment scheduling plugin, including people with auditory, visual, and physical disabilities.</p>
<p>Everyone deserves access to everything the web offers, so we built our <a href="https://simplyscheduleappointments.com/accessibility-booking-plugin-wordpress/?utm_source=website&utm_medium=promo-link&utm_campaign=wordpress-org&utm_content=accessibility" rel="nofollow ugc">WordPress booking calendar plugin with accessibility in mind</a>. As a result, you’ll never have to worry that a customer will find themselves unable to schedule an appointment because of their abilities or the device they’re using.</p>
<h4>Deep Integrations With All the Tools and WordPress Plugins You Love</h4>
<p>Integrations included with the Simply Schedule Appointments Free Basic Edition for booking appointments:</p>
<ul>
<li><a href="https://simplyscheduleappointments.com/guides/wordpress-user