PT-2025-8671

Name of the Vulnerable Software and Affected Versions WP BASE Booking of Appointments, Services and Events WordPress plugin versions prior to 5.0.0 Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped...

GHSA-8FC2-FHH6-F6M5 Easy!Appointments Improper Restriction of Excessive Authentication Attempts

An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file...

Easy!Appointments 安全漏洞

Easy!Appointments is a web-based appointment and schedule management system by Alex Tselegidis, a personal developer. A security vulnerability exists in Easy!Appointments v1.5.0, which stems from the unfiltered legalsettings parameter, making it susceptible to cross-site scripting attacks...

Easy!Appointments 安全漏洞

Easy!Appointments is a web-based appointment, scheduling management system from the individual developer Alex Tselegidis. A security vulnerability exists in Easy!Appointments v1.5.0, which stems from a missing permission validation in index.php, resulting in elevated privileges...

CVE-2024-22311

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS.This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20...

CVE-2025-22748

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Setmore SetMore Theme – Custom Post Types service-provider-profile-cpt allows Stored XSS.This issue affects SetMore Theme – Custom Post Types: from n/a through = 1.1...

WordPress plugin WP BASE Booking of Appointments, Services and Events 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2023-30748

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nikola Loncar Easy Appointments allows Stored XSS.This issue affects Easy Appointments: from n/a through 3.10.7...

CVE-2023-30748

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nikola Loncar Easy Appointments allows Stored XSS.This issue affects Easy Appointments: from n/a through 3.10.7...

CVE-2023-30748 WordPress Easy Appointments plugin <= 3.10.7 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nikola Loncar Easy Appointments allows Stored XSS.This issue affects Easy Appointments: from n/a through 3.10.7...

CVE-2023-30748 WordPress Easy Appointments plugin <= 3.10.7 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nikola Loncar Easy Appointments allows Stored XSS.This issue affects Easy Appointments: from n/a through 3.10.7...

WordPress plugin Easy Appointments 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-12242 · Unknown · Easyappointments

Name of the Vulnerable Software and Affected Versions: Easy Appointments versions 3.10.7 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means that an attacker can inject malicious...

CVE-2024-7876

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml...

WordPress Appointment Booking Calendar plugin <= - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jeewan Kumar Bhatta in WordPress Plugin Simply Schedule Appointments versions = 1.6.7.53...

WordPress Appointment Booking Calendar plugin <= 1.6.7.53 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jeewan Kumar Bhatta in WordPress Plugin Simply Schedule Appointments versions = 1.6.7.53...

WordPress Simply Schedule Appointments Plugin <= 1.6.7.53 is vulnerable to Cross Site Scripting (XSS)

Software Simply Schedule Appointments Type Plugin Vulnerable versions = 1.6.7.53 Fixed in 1.6.7.55 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7876 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e86024a58e1c Credits Jeewa...

WordPress Simply Schedule Appointments Plugin <= 1.6.7.53 is vulnerable to Cross Site Scripting (XSS)

Software Simply Schedule Appointments Type Plugin Vulnerable versions = 1.6.7.53 Fixed in 1.6.7.55 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7877 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3e1dccd6a0e0 Credits Jeewa...

WordPress Appointment Booking Calendar plugin < 1.6.7.43 - Admin+ Template Injection to RCE vulnerability

Admin+ Template Injection to RCE vulnerability discovered by Jeewan Kumar Bhatta in WordPress Plugin Simply Schedule Appointments versions 1.6.7.43...

WordPress Simply Schedule Appointments Plugin < 1.6.7.43 is vulnerable to Remote Code Execution (RCE)

Software Simply Schedule Appointments Type Plugin Vulnerable versions 1.6.7.43 Fixed in 1.6.7.43 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-7129 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 85c7bead9303 Credits Jeewan Kumar Bhatta...