CVE-2025-68575 WordPress Wappointment plugin <= 2.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wappointment team Wappointment wappointment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wappointment: from n/a through = 2.7.6...

WordPress Wappointment plugin <= 2.7.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Wappointment versions = 2.7.5...

CVE-2025-67551 WordPress Wappointment plugin <= 2.6.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wappointment team Wappointment wappointment allows Stored XSS.This issue affects Wappointment: from n/a through = 2.6.9...

CVE-2025-67551 WordPress Wappointment plugin <= 2.6.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wappointment team Wappointment wappointment allows Stored XSS.This issue affects Wappointment: from n/a through = 2.6.9...

WordPress Wappointment plugin <= 2.6.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Wappointment versions = 2.6.9...

Wappointment < 2.6.1 - Admin+ SSRF

Description The plugin is vulnerable to Server-Side Request Forgery, allowing authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal servic...

CVE-2024-32454 WordPress Wappointment plugin <= 2.6.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Wappointment Appointment Bookings for Zoom GoogleMeet and more – Wappointment.This issue affects Appointment Bookings for Zoom GoogleMeet and more – Wappointment: from n/a through 2.6.0...

Wappointment < 2.2.5 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise the name parameter when booking an appointment, leading to a Stored Cross-Site Scripting issue which is triggered when an admin view the Calendar. PoC POST /wp-json/wappointment/v1/services/booking HTTP/1.1 Content-Length: 205 Accept: application/json, text/plain, /...