Lucene search
K

541 matches found

Nuclei
Nuclei
added 15 hours ago26 views

Easy Appointments <= 3.12.21 - Information Disclosure

Easy Appointments WordPress plugin = 3.12.21 contains a sensitive information exposure caused by an unauthenticated REST API endpoint /wp-json/wp/v2/eablocks/eaappointments/ registered with permissioncallback allowing unrestricted access, letting unauthenticated attackers extract sensitive custom...

7.5CVSS7AI score0.0239EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago49 views

WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure

WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address. id: CVE-2022-2373 info: name: WordPress Simply Schedu...

5.3CVSS6.2AI score0.01424EPSS
Exploits2References5
CVE
CVE
added yesterday8 views

CVE-2026-55651

Easy!Appointments exposes an Excessive Data Exposure vulnerability in the customers search endpoint (affected in 1.5.2) that allows an authenticated user to obtain appointment hashes belonging to other users, enabling modification or deletion of others’ appointments and leading to an Appointments...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-52838

Affected software: Easy!Appointments (self-hosted appointment scheduler). Vulnerability: Stored XSS via the public booking page. An authenticated administrator can store HTML/JavaScript in the disable_booking_message setting (rich-text editor). The value is later passed directly to the public boo...

2.6CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-52837

Summary: Easy!Appointments

6.9CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2 days ago4 views

CVE-2026-59523

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.11.11...

6.5CVSS0.00159EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-57812

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.12.4...

6.5CVSS0.00196EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-59523

CVE-2026-59523 affects the WordPress plugin Simply Schedule Appointments (

6.5CVSS6.1AI score0.00159EPSS
Exploits0References1
CVE
CVE
added 2 days ago11 views

CVE-2026-57812

Summary: CVE-2026-57812 concerns the WordPress plugin “Simply Schedule Appointments.” In affected versions (up to and including 1.6.12.4), the issue is described as a Missing Authorization vulnerability caused by misconfigured access control within the Simply Schedule Appointments plugin, enablin...

6.5CVSS6.1AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57812 WordPress Simply Schedule Appointments plugin <= 1.6.12.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.12.4...

6.5CVSS0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-59523 WordPress Simply Schedule Appointments plugin <= 1.6.11.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.11.11...

6.5CVSS0.00159EPSS
Exploits0References1
NVD
NVD
added 5 days ago8 views

CVE-2026-11990

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00342EPSS
Exploits0References12
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42864

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6.2AI score0.00342EPSS
Exploits0References12
NVD
NVD
added 5 days ago6 views

CVE-2026-11992

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS0.0028EPSS
Exploits0References9
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42850

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References9
CVE
CVE
added 5 days ago6 views

CVE-2026-11992

The CVE-2026-11992 entry concerns the WordPress plugin Easy Appointments (versions up to 3.12.27). The root cause is an authorization bypass: the plugin does not properly verify a user’s permission for actions, enabling authenticated users with author-level access or higher to cancel all upcoming...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-11992

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References10
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-11992 Easy Appointments <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS0.0028EPSS
Exploits0References9
Patchstack
Patchstack
added 6 days ago5 views

WordPress Easy Appointments plugin <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation vulnerability

Missing Authorization to Authenticated Author+ Bulk Appointment Manipulation vulnerability discovered by armx64 in WordPress Plugin Easy Appointments versions = 3.12.27...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Simply Schedule Appointments plugin <= 1.6.12.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hio in WordPress Plugin Simply Schedule Appointments versions = 1.6.12.4...

6.5CVSS6.1AI score0.00196EPSS
Exploits0Affected Software1
Rows per page
Query Builder