Lucene search
K

4 matches found

EUVD
EUVD
added 10 hours ago4 views

EUVD-2026-42790

The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS6.7AI score
Exploits0References4
CVE
CVE
added 2025/01/22 2:29 p.m.41 views

CVE-2025-23672

CVE-2025-23672 is a reflected XSS vulnerability in Instant Appointment (NotFound Instant Appointment) affecting versions up to 1.2. The issue arises from improper input neutralization during web page generation. The CVE entry notes Reflected XSS; connected Red Hat and Wordfence references corrobo...

7.1CVSS7.2AI score0.00357EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/16 6:42 p.m.5 views

WordPress Instant Appointment plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Instant Appointment versions = 1.2...

7.1CVSS6.1AI score0.00357EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/16 2:31 p.m.7 views

CVE-2024-54361 WordPress Instant Appointment plugin <= 1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in outstrip Instant Appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through 1.2...

9.3CVSS7.7AI score0.00513EPSS
Exploits0References1
Rows per page
Query Builder