2 matches found
CVE-2026-2262 Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API
The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...
CVE-2026-1431 Booking Calendar <= 10.14.13 - Missing Authorization to Unauthenticated Booking Details Exposure
The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...