CVE-2026-7493

Published: Mag 27, 2026 Last Modified: Mag 27, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: low

Description

AI Translation Available

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint (/wp-json/ssa/v1/async) that calls PHP's sleep() function on a user-supplied delay parameter without any rate limiting. This makes it possible for unauthenticated attackers to exhaust PHP worker processes, denying access to the site to legitimate users.

400

Uncontrolled Resource Consumption

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Access Control Other

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other) Bypass Protection Mechanism Other

Applicable Platforms

Technologies: Not Technology-Specific, AI/ML

Likelihood of Exploit: High

View CWE Details

https://plugins.trac.wordpress.org/browser/simply-schedule-…

https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/tags/1.…

https://www.wordfence.com/threat-intel/vulnerabilities/id/a…

https://www.wordfence.com/threat-intel/vulnerabilities/id/ae66228e-d086-44fd-8a…

CVE-2026-7493

Description

Uncontrolled Resource Consumption

Common Consequences

Applicable Platforms

Iscriviti alla newsletter