CVE-2024-2844

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...

CVE-2024-2844

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders...

WordPress Easy Appointments Plugin <= 3.11.18 is vulnerable to Cross Site Scripting (XSS)

Software Easy Appointments Type Plugin Vulnerable versions = 3.11.18 Fixed in 3.11.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2842 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e349d86a643f Credits Krzysztof Zając...

WordPress Plugin Easy Appointments 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-22436 · WordPress · Easyappointments

Name of the Vulnerable Software and Affected Versions: Easy Appointments plugin for WordPress versions up to, and including, 3.11.18 Description: The issue arises from insufficient user validation on the ajax cancel appointment function, allowing unauthenticated attackers to cancel other users'...