Easy!appointments Security Vulnerabilities

CVE-2023-40664

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12...

CVE-2023-25483

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ankit Agarwal, Priyanshu Mittal Easy Coming Soon plugin <= 2.3...

CVE-2023-5134

The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...

CVE-2023-41939

Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they're no longer entitled...

CVE-2023-33929

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <= 1.3...

CVE-2023-32603

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12...

CVE-2023-39801

A lack of exception handling in the Renault Easy Link Multimedia System Software Version 283C35519R allows attackers to cause a Denial of Service (DoS) via supplying crafted WMA files when connecting a device to the vehicle's USB plug and play...

CVE-2023-32505

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7...

CVE-2023-32498

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0...

CVE-2023-28622

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Trident Technolabs Easy Slider Revolution plugin <= 1.0.0...

CVE-2023-30747

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGem WooCommerce Easy Duplicate Product plugin <= 0.3.0.0...

CVE-2023-26587

Improper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated user to potentially enable escalation of privilege via local...

CVE-2023-23900

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8...

CVE-2023-33312

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Easy Captcha plugin <= 1.0...

CVE-2023-36522

Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert plugin <= 1.5.0...

CVE-2020-36749

The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a.....

CVE-2020-26710

easy-parse v0.1.1 was discovered to contain a XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML...

CVE-2023-28496

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP2GO – Email Made Easy plugin <= 1.4.2...

CVE-2023-35095

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin <= 1.0.40...

CVE-2022-46850

Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3...

CVE-2023-23802

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6...

CVE-2023-1323

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite.....

CVE-2023-2526

The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to executes AJAX actions via a...

CVE-2021-4367

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with...

CVE-2019-25141

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify...

CVE-2023-2518

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

CVE-2023-33926

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7...

CVE-2023-25460

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin <= 1.0.0...

CVE-2023-23701

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Andrew @ Geeenville Web Design Easy Sign Up plugin <= 3.4.1...

CVE-2023-23863

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22...

CVE-2023-28169

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CoreFortress Easy Event calendar plugin <= 1.0...

CVE-2022-46799

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15...

CVE-2023-30869

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through...

CVE-2023-1324

The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

CVE-2023-29411

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI...

CVE-2023-29412

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI...

CVE-2023-29413

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor...

CVE-2023-1325

The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2023-23799

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leonardo Giacone Easy Panorama plugin <= 1.1.4...

CVE-2023-28660

The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list...

CVE-2023-0375

The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2023-0380

The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2022-4754

The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting....

CVE-2023-0908

A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been...

CVE-2023-0275

The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

CVE-2022-4628

The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2022-4577

The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVE-2022-42973

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC.....

CVE-2022-42972

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 -.....

CVE-2022-42970

A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows...