CVE-2026-2262 Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

CVE-2026-2262

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

CVE-2026-2262

The Easy Appointments WordPress plugin (up to version 3.12.21) exposes sensitive customer data via the REST endpoint /wp-json/wp/v2/eablocks/ea_appointments/ because permission_callback is set to __return_true. This allows unauthenticated access to full names, email addresses, phone numbers, IP a...

GoDaddy Leaks ‘Map of the Internet’ via Amazon S3 Cloud Bucket Misconfig

UPDATE GoDaddy, the world’s largest domain name registrar, has exposed high-level configuration information for tens of thousands of systems and competitively sensitive pricing options for running those systems in Amazon AWS, thanks to yet another cloud storage misconfiguration. The documents wer...