541 matches found
Easy Appointments <= 3.12.21 - Information Disclosure
Easy Appointments WordPress plugin = 3.12.21 contains a sensitive information exposure caused by an unauthenticated REST API endpoint /wp-json/wp/v2/eablocks/eaappointments/ registered with permissioncallback allowing unrestricted access, letting unauthenticated attackers extract sensitive custom...
WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure
WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address. id: CVE-2022-2373 info: name: WordPress Simply Schedu...
CVE-2026-55651
Easy!Appointments exposes an Excessive Data Exposure vulnerability in the customers search endpoint (affected in 1.5.2) that allows an authenticated user to obtain appointment hashes belonging to other users, enabling modification or deletion of others’ appointments and leading to an Appointments...
CVE-2026-52838
Affected software: Easy!Appointments (self-hosted appointment scheduler). Vulnerability: Stored XSS via the public booking page. An authenticated administrator can store HTML/JavaScript in the disable_booking_message setting (rich-text editor). The value is later passed directly to the public boo...
CVE-2026-52837
Summary: Easy!Appointments
CVE-2026-59523
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.11.11...
CVE-2026-57812
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.12.4...
CVE-2026-59523
CVE-2026-59523 affects the WordPress plugin Simply Schedule Appointments (
CVE-2026-57812
Summary: CVE-2026-57812 concerns the WordPress plugin “Simply Schedule Appointments.” In affected versions (up to and including 1.6.12.4), the issue is described as a Missing Authorization vulnerability caused by misconfigured access control within the Simply Schedule Appointments plugin, enablin...
CVE-2026-57812 WordPress Simply Schedule Appointments plugin <= 1.6.12.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.12.4...
CVE-2026-59523 WordPress Simply Schedule Appointments plugin <= 1.6.11.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.11.11...
CVE-2026-11990
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
EUVD-2026-42864
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
CVE-2026-11992
The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...
EUVD-2026-42850
The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...
CVE-2026-11992
The CVE-2026-11992 entry concerns the WordPress plugin Easy Appointments (versions up to 3.12.27). The root cause is an authorization bypass: the plugin does not properly verify a user’s permission for actions, enabling authenticated users with author-level access or higher to cancel all upcoming...
CVE-2026-11992
The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...
CVE-2026-11992 Easy Appointments <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation
The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...
WordPress Easy Appointments plugin <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation vulnerability
Missing Authorization to Authenticated Author+ Bulk Appointment Manipulation vulnerability discovered by armx64 in WordPress Plugin Easy Appointments versions = 3.12.27...
WordPress Simply Schedule Appointments plugin <= 1.6.12.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by hio in WordPress Plugin Simply Schedule Appointments versions = 1.6.12.4...