2 matches found
CVE-2024-2844
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...
WordPress Easy Appointments Plugin <= 3.11.18 is vulnerable to Broken Access Control
Software Easy Appointments Type Plugin Vulnerable versions = 3.11.18 Fixed in 3.11.19 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-2844 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d5cb3e5ca959 Credits Krzysztof Zając Required...