Lucene search
+L

215 matches found

nuclei
nuclei
added yesterday26 views

Easy Appointments <= 3.12.21 - Information Disclosure

Easy Appointments WordPress plugin = 3.12.21 contains a sensitive information exposure caused by an unauthenticated REST API endpoint /wp-json/wp/v2/eablocks/eaappointments/ registered with permissioncallback allowing unrestricted access, letting unauthenticated attackers extract sensitive custom...

7.5CVSS7AI score0.0239EPSS
Exploits1References2
cve
cve
added 3 days ago9 views

CVE-2026-55651

Easy!Appointments exposes an Excessive Data Exposure vulnerability in the customers search endpoint (affected in 1.5.2) that allows an authenticated user to obtain appointment hashes belonging to other users, enabling modification or deletion of others’ appointments and leading to an Appointments...

7.1CVSS6.1AI score0.00185EPSS
Exploits0References1
osv
osv
added 3 days ago3 views

CVE-2026-52840 Easy!Appointments has server-side request forgery in CalDAV connection test that exposes the deployment's internal network

Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, Caldav::connecttoserver at application/controllers/Caldav.php:60 hands the request's caldavurl to a Guzzle REPORT call without scheme or host validation. A logged-in backend user admin, provider, or secretary...

2.7CVSS6.2AI score0.00186EPSS
Exploits0References4
cve
cve
added 3 days ago6 views

CVE-2026-52838

Affected software: Easy!Appointments (self-hosted appointment scheduler). Vulnerability: Stored XSS via the public booking page. An authenticated administrator can store HTML/JavaScript in the disable_booking_message setting (rich-text editor). The value is later passed directly to the public boo...

2.6CVSS6.1AI score0.00184EPSS
Exploits0References2
osv
osv
added 3 days ago3 views

CVE-2026-52838 Easy!Appointments disable_booking_message rendered as raw HTML on public booking page — Stored XSS

Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 allow administrators to define a custom "booking disabled" message through the booking settings page. That value is stored in the disablebookingmessage setting via a rich-text editor and later passed directly to the...

2.6CVSS6.1AI score0.00184EPSS
Exploits0References4
cve
cve
added 3 days ago7 views

CVE-2026-52837

Summary: Easy!Appointments

6.9CVSS6.1AI score0.00352EPSS
Exploits0References2
osv
osv
added 3 days ago2 views

CVE-2026-52837 Easy!Appointments has unauthenticated customer PII disclosure on booking reschedule page

Easy!Appointments is a self hosted appointment scheduler. In versions up to and including 1.5.2, the booking reschedule view at /index.php/booking/reschedule/appointmenthash handled by Booking::index embeds the entire customer record as inline JavaScript const vars = ... "customerdata": ...,...

6.9CVSS6.1AI score0.00352EPSS
Exploits0References4
nvd
nvd
added last week6 views

CVE-2026-11992

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS0.0028EPSS
Exploits0References9
euvd
euvd
added last week6 views

EUVD-2026-42850

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References9
cve
cve
added last week6 views

CVE-2026-11992

The CVE-2026-11992 entry concerns the WordPress plugin Easy Appointments (versions up to 3.12.27). The root cause is an authorization bypass: the plugin does not properly verify a user’s permission for actions, enabling authenticated users with author-level access or higher to cancel all upcoming...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References9
attackerkb
attackerkb
added last week6 views

CVE-2026-11992

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References10
patchstack
patchstack
added 2026/07/09 7:10 p.m.5 views

WordPress Easy Appointments plugin <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation vulnerability

Missing Authorization to Authenticated Author+ Bulk Appointment Manipulation vulnerability discovered by armx64 in WordPress Plugin Easy Appointments versions = 3.12.27...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36952

Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...

7.5CVSS5.1AI score0.00287EPSS
Exploits0References2
nvd
nvd
added 2026/06/15 9:16 p.m.10 views

CVE-2026-39513

Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...

7.5CVSS0.00287EPSS
Exploits0References1
cve
cve
added 2026/06/15 8:17 p.m.22 views

CVE-2026-39513

CVE-2026-39513 affects the WordPress Easy Appointments plugin for versions up to 3.12.21, with an Unauthenticated Broken Access Control vulnerability. The connected documents confirm the affected product, version range, and vulnerability type but do not provide exploitation details, confirmed roo...

7.5CVSS5.1AI score0.00287EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/15 8:17 p.m.30 views

CVE-2026-39513 WordPress Easy Appointments plugin <= 3.12.21 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...

7.5CVSS0.00287EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.12 views

PT-2026-49391

Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...

7.5CVSS5.1AI score0.00287EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/04/20 7:22 p.m.7 views

CVE-2026-2262

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

7.5CVSS5.7AI score0.0239EPSS
Exploits1References1
patchstack
patchstack
added 2026/04/20 9:32 a.m.7 views

WordPress Easy Appointments plugin <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API vulnerability

Unauthenticated Sensitive Information Exposure via REST API vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Easy Appointments versions = 3.12.21...

7.5CVSS5.8AI score0.0239EPSS
Exploits1References1Affected Software1
euvd
euvd
added 2026/04/18 12:31 a.m.7 views

EUVD-2026-23577

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

7.5CVSS5.7AI score0.0239EPSS
Exploits1References7
Rows per page
Query Builder