What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in themespride Advanced Appointment Booking & Scheduling advanced-appointment-booking-scheduling allows Cross Site Request Forgery.This issue affects Advanced Appointment Booking & Scheduling: from n/a through <= 2.1.
Explanation of Vulnerability in Simple Terms
02Summary
Advanced Appointment Booking & Scheduling versions 2.1 and earlier contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious link or page that, when visited by a logged-in site administrator, performs unwanted actions on the booking system without the admin's knowledge or consent. The vulnerability requires user interaction but does not require authentication.
What an attacker can do
03Attacker Capabilities
Trick a logged-in admin into performing unwanted actions on the booking system via a malicious link or page.
Potential impact on your site
04Site Impact
Attackers can modify appointment settings, bookings, or configurations if they trick admins into visiting malicious pages.
Conditions required to exploit
05Prerequisites
Admin must visit attacker-controlled page or click a malicious link while logged into the site.
Key dates
06Disclosure timeline
September 22, 2025
CVE published
April 28, 2026
Record updated