Lucene search
K

530 matches found

Patchstack
Patchstack
added 2026/05/07 10:11 a.m.14 views

WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion vulnerability

Unauthenticated Arbitrary Appointment View, Modification and Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simply Schedule Appointments versions = 1.6.10.6...

6.5CVSS5.8AI score0.00492EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/29 2:48 p.m.5 views

CVE-2026-39694

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.10.2...

5.3CVSS5.1AI score0.00156EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/27 1:34 p.m.7 views

WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin Simply Schedule Appointments versions 1.6.11.2...

5.2AI score0.00294EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.6 views

CVE-2026-2262

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

7.5CVSS5.7AI score0.0239EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/20 9:32 a.m.5 views

WordPress Easy Appointments plugin <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API vulnerability

Unauthenticated Sensitive Information Exposure via REST API vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Easy Appointments versions = 3.12.21...

7.5CVSS5.8AI score0.0239EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.5 views

PT-2026-33764

Name of the Vulnerable Software and Affected Versions Simply Schedule Appointments versions prior to 1.6.9.28 Description An unauthenticated SQL Injection exists in the software, allowing an attacker to execute arbitrary SQL queries without needing to log in. SQL Injection is a technique where...

9.3CVSS6.1AI score0.00363EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/18 12:31 a.m.5 views

EUVD-2026-23577

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

7.5CVSS5.7AI score0.0239EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.12 views

WordPress plugin Easy Appointments 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.5CVSS5.8AI score0.0239EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/17 11:26 p.m.3 views

CVE-2026-2262 Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

7.5CVSS5.7AI score0.0239EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/17 11:26 p.m.243 views

CVE-2026-2262 Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

7.5CVSS0.0239EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/17 11:26 p.m.3 views

CVE-2026-2262

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

7.5CVSS5.7AI score0.0239EPSS
Exploits0References7
CVE
CVE
added 2026/04/17 11:26 p.m.27 views

CVE-2026-2262

The Easy Appointments WordPress plugin (up to version 3.12.21) exposes sensitive customer data via the REST endpoint /wp-json/wp/v2/eablocks/ea_appointments/ because permission_callback is set to __return_true. This allows unauthenticated access to full names, email addresses, phone numbers, IP a...

7.5CVSS5.7AI score0.0239EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.19 views

PT-2026-33528

Name of the Vulnerable Software and Affected Versions Easy Appointments plugin for WordPress versions prior to 3.12.22 Description Sensitive information exposure occurs via the '/wp-json/wp/v2/eablocks/ea appointments/' REST API endpoint. The issue arises because the endpoint is registered with t...

7.5CVSS5.8AI score0.0239EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.7 views

SourceCodester Patient Appointment Scheduler System 安全漏洞

The SourceCodester Patient Appointment Scheduler System is an open-source system developed by SourceCodester. Version 1.0 of the SourceCodester Patient Appointment Scheduler System contains a security vulnerability. This vulnerability stems from an SQL injection issue in the file...

2.7CVSS5.8AI score0.0019EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/13 11:3 a.m.6 views

WordPress Easy Appointments plugin <= 3.12.21 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Martín Martín in WordPress Plugin Easy Appointments versions = 3.12.21...

5.8AI score0.00287EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/10 7:22 p.m.11 views

CVE-2026-39495

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.27...

8.5CVSS5.9AI score0.00253EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/08 11:24 a.m.5 views

WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.27...

6AI score0.00363EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/04/08 9:31 a.m.7 views

EUVD-2026-20391

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.10.2...

5.3CVSS5.9AI score0.00156EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.5 views

CVE-2026-39694

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.10.2...

5.3CVSS0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.24 views

CVE-2026-39694 WordPress Simply Schedule Appointments plugin <= 1.6.10.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.10.2...

5.3CVSS0.00156EPSS
Exploits0References1
Rows per page
Query Builder