A vulnerability was found in the croixhaug Appointment Booking Calendar Plugin up to 1.6.10.0 on WordPress. It has been classified as critical. The impacted element is an unknown function. Manipulating the argument fields results in SQL injection. This vulnerability is cataloged as CVE-2026-3658. The attack can be initiated remotely. There is no exploit available.