4 matches found
EUVD-2026-42790
The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2025-23672
CVE-2025-23672 is a reflected XSS vulnerability in Instant Appointment (NotFound Instant Appointment) affecting versions up to 1.2. The issue arises from improper input neutralization during web page generation. The CVE entry notes Reflected XSS; connected Red Hat and Wordfence references corrobo...
WordPress Instant Appointment plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Instant Appointment versions = 1.2...
CVE-2024-54361 WordPress Instant Appointment plugin <= 1.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in outstrip Instant Appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through 1.2...