Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

518 matches found

NVD
NVDadded 2024/08/08 4:17 a.m.23 views

CVE-2024-6552

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2. This is due to the plugin utilizing Symfony and leaving displayerrors on within test files. This makes it possible for unauthenticated...

5.3CVSS0.00439EPSS
Exploits0References3
Cvelist
Cvelistadded 2024/07/20 7:51 a.m.14 views

CVE-2024-38676 WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Booking Ultra Pro allows Stored XSS.This issue affects Booking Ultra Pro: from n/a through 1.1.13...

6.5CVSS0.00302EPSS
Exploits0References1
Patchstack
Patchstackadded 2024/07/10 1:48 p.m.2 views

WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Booking Ultra Pro versions = 1.1.13...

6.5CVSS6.1AI score0.00302EPSS
Exploits0Affected Software1
NVD
NVDadded 2024/07/09 11:15 a.m.7 views

CVE-2023-38049

A BOLA vulnerability in GET, PUT, DELETE /appointments/appointmentId allows a low privileged user to fetch, modify or delete an appointment of any user including admin. This results in unauthorized access and unauthorized data manipulation...

9.9CVSS0.00415EPSS
Exploits0References1
OSV
OSVadded 2024/07/09 10:15 a.m.1 views

CVE-2023-3285

A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system including admin. This results in unauthorized data manipulation...

7.7CVSS5.8AI score
Exploits0References1
CNNVD
CNNVDadded 2024/07/09 12:0 a.m.4 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /appointments interface. A low-privileged attacker can exploit the vulnerability to create appointments for an...

7.7CVSS6.8AI score0.00338EPSS
Exploits0References2
CNNVD
CNNVDadded 2024/07/09 12:0 a.m.2 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /categories/categoryId interface. A low-privileged attacker can exploit this vulnerability to obtain, modify, or...

8.5CVSS6.8AI score0.00373EPSS
Exploits0References2
CNNVD
CNNVDadded 2024/07/09 12:0 a.m.4 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /secretaries/secretaryId interface. A low-privilege attacker can exploit this vulnerability to obtain, modify,...

9.9CVSS6.8AI score0.004EPSS
Exploits0References2
CNNVD
CNNVDadded 2024/07/09 12:0 a.m.3 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /admins/adminId interface. A low-privilege attacker can exploit this vulnerability to gain, modify, or delete ...

9.9CVSS6.8AI score0.004EPSS
Exploits0References2
CNNVD
CNNVDadded 2024/07/09 12:0 a.m.4 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /customers/customerId interface. A low-privilege attacker can exploit this vulnerability to obtain, modify, or...

9.9CVSS6.8AI score0.004EPSS
Exploits0References2
CNNVD
CNNVDadded 2024/07/09 12:0 a.m.4 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /services/serviceId interface. A low-privileged attacker can exploit this vulnerability to gain access to,...

9.6CVSS7AI score0.0039EPSS
Exploits0References2
CNNVD
CNNVDadded 2024/07/09 12:0 a.m.2 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /admins interface. A low-privileged attacker can exploit the vulnerability to create an elevated privilege user...

9.9CVSS6.8AI score0.00435EPSS
Exploits0References2
CNNVD
CNNVDadded 2024/07/09 12:0 a.m.5 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /providers interface. A low-privileged attacker can exploit the vulnerability to create privileged users provide...

8.8CVSS6.8AI score0.00349EPSS
Exploits0References2
CNNVD
CNNVDadded 2024/07/09 12:0 a.m.3 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /providers/providerId interface. A low-privileged attacker can exploit the vulnerability to obtain, modify, or...

9.9CVSS6.8AI score0.004EPSS
Exploits0References2
CNNVD
CNNVDadded 2024/07/09 12:0 a.m.3 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /secretaries interface. A low-privilege attacker can exploit the vulnerability to create a low-privilege user...

7.7CVSS6.8AI score0.00327EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/07/09 12:0 a.m.2 views

PT-2024-12344 · Easyappointments +1 · Alextselegidis/Easyappointments +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: A BOLA vulnerability in the "POST /appointments" endpoint allows a low-privileged user to create an appointment for any user in the system, including administrators. This results in...

7.7CVSS6.7AI score0.00338EPSS
Exploits0References5
CNNVD
CNNVDadded 2024/07/09 12:0 a.m.3 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /services interface. A low-privileged attacker can exploit the vulnerability to create services for any user on...

7.7CVSS6.8AI score0.00327EPSS
Exploits0References2
CNNVD
CNNVDadded 2024/07/09 12:0 a.m.5 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /appointments/appointmentId interface. A low-privileged attacker can exploit this vulnerability to obtain,...

9.9CVSS6.8AI score0.00415EPSS
Exploits0References2
OSV
OSVadded 2024/05/16 11:15 a.m.2 views

CVE-2024-4288

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible f...

5.4CVSS5.9AI score0.00324EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2024/05/16 11:5 a.m.12 views

CVE-2024-4288 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible f...

6.4CVSS5.8AI score0.00324EPSS
Exploits0References3
Rows per page
Query Builder