CVE-2024-4288

The CVE-2024-4288 entry concerns the Appointment Booking Calendar — Simply Schedule Appointments Plugin for WordPress. Vulnerable through version 1.6.7.14 due to insufficient input sanitization and inadequate output escaping of the link parameter, enabling stored XSS. Exploitation requires authen...

WordPress Simply Schedule Appointments Bookin plugin <= 1.6.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin Simply Schedule Appointments versions = 1.6.7.14...

WordPress Simply Schedule Appointments Plugin <= 1.6.7.14 is vulnerable to Cross Site Scripting (XSS)

Software Simply Schedule Appointments Type Plugin Vulnerable versions = 1.6.7.14 Fixed in 1.6.7.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4288 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3f01c196049a Credits...

Exploit for Exposure of Private Personal Information to an Unauthorized Actor in Easyappointments

CVE-2022-0482 Vulnerability Exploitation Introduction This...

WordPress Plugin Booking for Appointments and Events Calendar 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2023-32295

Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3...

CVE-2023-32295

Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3...

CVE-2023-32295 WordPress Easy!Appointments plugin <= 1.3.3 - Arbitrary File Deletion vulnerability

Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3...

CVE-2023-32295 WordPress Easy!Appointments plugin <= 1.3.3 - Arbitrary File Deletion vulnerability

Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3...

CVE-2023-32295

CVE-2023-32295 relates to Easy!Appointments (WordPress plugin)

WordPress plugin Easy!Appointments 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

PT-2024-12312 · Unknown · Easyappointments

Name of the Vulnerable Software and Affected Versions: Easy!Appointments versions 1.3.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in Easy!Appointments. Recommendations: For versions 1.3.3 and earlier, at the moment, there is no information about a newe...

CVE-2024-2342

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customerid parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVE-2024-2844

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...

CVE-2024-2844

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...

CVE-2024-2842

The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eafullcalendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2842 Easy Appointments <= 3.11.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eafullcalendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2842

CVE-2024-2842 concerns the WordPress plugin Easy Appointments. The vulnerability is a Stored Cross-Site Scripting flaw in the plugin’s ea_full_calendar shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes. Affected versions are all versions up to an...

CVE-2024-2844 Easy Appointments <= 3.11.18 - Insufficient Authorization

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...

CVE-2024-2844

CVE-2024-2844 concerns the Easy Appointments WordPress plugin. The vulnerability arises from insufficient user validation in ajax_cancel_appointment(), allowing an unauthenticated attacker to cancel other users’ orders. Affected version range includes all versions up to and including 3.11.18. The...