CVE-2024-2844 Easy Appointments <= 3.11.18 - Insufficient Authorization

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...

WordPress Easy Appointments Plugin <= 3.11.18 is vulnerable to Cross Site Scripting (XSS)

Software Easy Appointments Type Plugin Vulnerable versions = 3.11.18 Fixed in 3.11.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2842 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e349d86a643f Credits Krzysztof Zając...

WordPress Easy Appointments Plugin <= 3.11.18 is vulnerable to Broken Access Control

Software Easy Appointments Type Plugin Vulnerable versions = 3.11.18 Fixed in 3.11.19 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-2844 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d5cb3e5ca959 Credits Krzysztof Zając Required...

WordPress Plugin Easy Appointments 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Plugin Easy Appointments 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

Easy Appointments < 3.11.19 - Insufficient Authorization

Description The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other...

PT-2024-22436 · WordPress · Easyappointments

Name of the Vulnerable Software and Affected Versions: Easy Appointments plugin for WordPress versions up to, and including, 3.11.18 Description: The issue arises from insufficient user validation on the ajax cancel appointment function, allowing unauthenticated attackers to cancel other users'...

PT-2024-22424 · WordPress · Easyappointments

Name of the Vulnerable Software and Affected Versions: Easy Appointments plugin for WordPress versions up to, and including, 3.11.18 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ea full calendar' shortcode due to insufficient input sanitization and output...

CVE-2024-22311

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS.This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20...

CVE-2024-22311 WordPress Simply Schedule Appointments plugin <= 1.6.6.20 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS.This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20...

CVE-2024-22311

Technical details about CVE-2024-22311 are not publicly provided in the supplied documents. The initial entry notes an XSS issue in Simply Schedule Appointments but no affected versions, impact specifics, exploit info, or fixes are disclosed here. Monitor for updates.

WordPress Simply Schedule Appointments Plugin <= 1.6.6.20 is vulnerable to Cross Site Scripting (XSS)

Software Simply Schedule Appointments Type Plugin Vulnerable versions = 1.6.6.20 Fixed in 1.6.6.24 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22311 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID fb6daf2f8c79 Credits Rafie Muhamma...

PT-2024-19334 · Nsquared · N Squared Simply Schedule Appointments

Name of the Vulnerable Software and Affected Versions: N Squared Simply Schedule Appointments versions 1.6.6.20 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS...

WordPress Simply Schedule Appointments Plugin <= 1.6.7.7 is vulnerable to SQL Injection

Software Simply Schedule Appointments Type Plugin Vulnerable versions = 1.6.7.7 Fixed in 1.6.7.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2342 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 36408cb83a66 Credits Krzysztof Zając Required privileg...

WordPress Simply Schedule Appointments Plugin <= 1.6.7.7 is vulnerable to SQL Injection

Software Simply Schedule Appointments Type Plugin Vulnerable versions = 1.6.7.7 Fixed in 1.6.7.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2341 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 6389ada68f55 Credits Krzysztof Zając Required...

WordPress Plugin Booking for Appointments and Events Calendar Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2024-1760

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssafactoryreset function. This makes it...

WordPress Simply Schedule Appointments Plugin <= 1.6.6.20 is vulnerable to Cross Site Request Forgery (CSRF)

Software Simply Schedule Appointments Type Plugin Vulnerable versions = 1.6.6.20 Fixed in 1.6.6.24 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1760 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 41bce45152e6 Credits...

CVE-2024-0698

The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVE-2024-0698

The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyappointments' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...