546 matches found
CVE-2026-11992 Easy Appointments <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation
The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...
CVE-2026-11992
The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...
CVE-2026-11992
The CVE-2026-11992 entry concerns the WordPress plugin Easy Appointments (versions up to 3.12.27). The root cause is an authorization bypass: the plugin does not properly verify a user’s permission for actions, enabling authenticated users with author-level access or higher to cancel all upcoming...
WordPress Easy Appointments plugin <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation vulnerability
Missing Authorization to Authenticated Author+ Bulk Appointment Manipulation vulnerability discovered by armx64 in WordPress Plugin Easy Appointments versions = 3.12.27...
WordPress Simply Schedule Appointments plugin <= 1.6.12.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by hio in WordPress Plugin Simply Schedule Appointments versions = 1.6.12.4...
WordPress Simply Schedule Appointments plugin <= 1.6.11.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by anhcd05 in WordPress Plugin Simply Schedule Appointments versions = 1.6.11.11...
CVE-2026-57317
Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.12.2 versions...
CVE-2026-57317
Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.12.2 versions...
CVE-2026-57317 WordPress Simply Schedule Appointments plugin <= 1.6.12.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.12.2 versions...
EUVD-2026-39730
Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.12.2 versions...
EUVD-2026-36952
Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...
EUVD-2026-36944
Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...
EUVD-2026-36927
Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.10.6 versions...
CVE-2026-42384
Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...
CVE-2026-39513
Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...
CVE-2026-39493
Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...
CVE-2026-39447
Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.10.6 versions...
CVE-2026-42384
CVE-2026-42384 concerns the WordPress plugin “Simply Schedule Appointments” (versions prior to 1.6.11.2). The entry documents an unauthenticated, sensitive data exposure vulnerability affecting this plugin. The vulnerability is described as exposing sensitive data without authentication, with a C...
CVE-2026-42384 WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...
EUVD-2026-36812
Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...