530 matches found
WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion vulnerability
Unauthenticated Arbitrary Appointment View, Modification and Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simply Schedule Appointments versions = 1.6.10.6...
CVE-2026-39694
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.10.2...
WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin Simply Schedule Appointments versions 1.6.11.2...
CVE-2026-2262
The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...
WordPress Easy Appointments plugin <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API vulnerability
Unauthenticated Sensitive Information Exposure via REST API vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Easy Appointments versions = 3.12.21...
PT-2026-33764
Name of the Vulnerable Software and Affected Versions Simply Schedule Appointments versions prior to 1.6.9.28 Description An unauthenticated SQL Injection exists in the software, allowing an attacker to execute arbitrary SQL queries without needing to log in. SQL Injection is a technique where...
EUVD-2026-23577
The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...
WordPress plugin Easy Appointments 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-2262 Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API
The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...
CVE-2026-2262 Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API
The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...
CVE-2026-2262
The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...
CVE-2026-2262
The Easy Appointments WordPress plugin (up to version 3.12.21) exposes sensitive customer data via the REST endpoint /wp-json/wp/v2/eablocks/ea_appointments/ because permission_callback is set to __return_true. This allows unauthenticated access to full names, email addresses, phone numbers, IP a...
PT-2026-33528
Name of the Vulnerable Software and Affected Versions Easy Appointments plugin for WordPress versions prior to 3.12.22 Description Sensitive information exposure occurs via the '/wp-json/wp/v2/eablocks/ea appointments/' REST API endpoint. The issue arises because the endpoint is registered with t...
SourceCodester Patient Appointment Scheduler System 安全漏洞
The SourceCodester Patient Appointment Scheduler System is an open-source system developed by SourceCodester. Version 1.0 of the SourceCodester Patient Appointment Scheduler System contains a security vulnerability. This vulnerability stems from an SQL injection issue in the file...
WordPress Easy Appointments plugin <= 3.12.21 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Martín Martín in WordPress Plugin Easy Appointments versions = 3.12.21...
CVE-2026-39495
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.27...
WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.27...
EUVD-2026-20391
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.10.2...
CVE-2026-39694
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.10.2...
CVE-2026-39694 WordPress Simply Schedule Appointments plugin <= 1.6.10.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.10.2...