Lucene search
K

4 matches found

Nuclei
Nuclei
added yesterday20 views

Easy Appointments <= 3.12.21 - Information Disclosure

Easy Appointments WordPress plugin = 3.12.21 contains a sensitive information exposure caused by an unauthenticated REST API endpoint /wp-json/wp/v2/eablocks/eaappointments/ registered with permissioncallback allowing unrestricted access, letting unauthenticated attackers extract sensitive custom...

7.5CVSS5.9AI score0.0239EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/20 9:32 a.m.5 views

WordPress Easy Appointments plugin <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API vulnerability

Unauthenticated Sensitive Information Exposure via REST API vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Easy Appointments versions = 3.12.21...

7.5CVSS5.8AI score0.0239EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/17 11:26 p.m.27 views

CVE-2026-2262

The Easy Appointments WordPress plugin (up to version 3.12.21) exposes sensitive customer data via the REST endpoint /wp-json/wp/v2/eablocks/ea_appointments/ because permission_callback is set to __return_true. This allows unauthenticated access to full names, email addresses, phone numbers, IP a...

7.5CVSS5.7AI score0.0239EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.13 views

PT-2026-33528

Name of the Vulnerable Software and Affected Versions Easy Appointments plugin for WordPress versions prior to 3.12.22 Description Sensitive information exposure occurs via the '/wp-json/wp/v2/eablocks/ea appointments/' REST API endpoint. The issue arises because the endpoint is registered with t...

7.5CVSS5.8AI score0.0239EPSS
Exploits0References9
Rows per page
Query Builder