These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-42384 is a HIGH severity vulnerability (CVSS Score: 7.5) affecting Simply Schedule Appointments plugin versions < 1.6.11.2. The vulnerability is described as Unauthenticated Sensitive Data Exposure.
A critical vulnerability was discovered in the Simply Schedule Appointments plugin, affecting versions up to and including 1.6.9.27. This vulnerability, tracked as CVE-2026-39493, is an unauthenticated SQL injection issue with a CVSS score of 9.3, indicating a high severity level. The vulnerability allows attackers to inject malicious SQL code without requiring authentication, potentially leading to unaut [truncated]
A high-severity Unauthenticated Cross Site Scripting (XSS) vulnerability was discovered in Simply Schedule Appointments plugin versions <= 1.6.10.6. The vulnerability has a CVSS score of 7.1 and is considered HIGH. It allows unauthenticated attackers to inject malicious scripts into the application.