Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Simply Schedule Appointments: Unauthorized Access to Sessions
CVE-2026-39694
Summary
A configuration error in Simply Schedule Appointments allows unauthorized users to access sessions they shouldn't be able to. This means that users with incorrect permissions can potentially access and manipulate sensitive information. To fix this issue, update to version 1.6.10.3 or later.
Original title
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ...
Original description
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.10.2.
Vulnerability type
CWE-862
Missing Authorization
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026