Lucene search
+L

546 matches found

Cvelist
Cvelist
added 2026/07/10 7:48 a.m.32 views

CVE-2026-11992 Easy Appointments <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS0.0028EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/10 7:48 a.m.6 views

CVE-2026-11992

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References10
CVE
CVE
added 2026/07/10 7:48 a.m.7 views

CVE-2026-11992

The CVE-2026-11992 entry concerns the WordPress plugin Easy Appointments (versions up to 3.12.27). The root cause is an authorization bypass: the plugin does not properly verify a user’s permission for actions, enabling authenticated users with author-level access or higher to cancel all upcoming...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/07/09 7:10 p.m.5 views

WordPress Easy Appointments plugin <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation vulnerability

Missing Authorization to Authenticated Author+ Bulk Appointment Manipulation vulnerability discovered by armx64 in WordPress Plugin Easy Appointments versions = 3.12.27...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/09 2:50 p.m.5 views

WordPress Simply Schedule Appointments plugin <= 1.6.12.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hio in WordPress Plugin Simply Schedule Appointments versions = 1.6.12.4...

6.5CVSS6.1AI score0.00196EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/09 12:30 p.m.4 views

WordPress Simply Schedule Appointments plugin <= 1.6.11.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by anhcd05 in WordPress Plugin Simply Schedule Appointments versions = 1.6.11.11...

6.5CVSS6.1AI score0.00159EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57317

Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.12.2 versions...

7.1CVSS0.0018EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:52 p.m.8 views

CVE-2026-57317

Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.12.2 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.37 views

CVE-2026-57317 WordPress Simply Schedule Appointments plugin <= 1.6.12.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.12.2 versions...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.8 views

EUVD-2026-39730

Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.12.2 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36952

Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...

7.5CVSS5.1AI score0.00287EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36944

Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...

9.3CVSS5.7AI score0.00363EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36927

Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.10.6 versions...

7.1CVSS5.1AI score0.00237EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-42384

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.10 views

CVE-2026-39513

Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...

7.5CVSS0.00287EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-39493

Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...

9.3CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-39447

Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.10.6 versions...

7.1CVSS0.00237EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.28 views

CVE-2026-42384

CVE-2026-42384 concerns the WordPress plugin “Simply Schedule Appointments” (versions prior to 1.6.11.2). The entry documents an unauthenticated, sensitive data exposure vulnerability affecting this plugin. The vulnerability is described as exposing sensitive data without authentication, with a C...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.30 views

CVE-2026-42384 WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.11 views

EUVD-2026-36812

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References1
Rows per page
Query Builder