Easyappointments Security Vulnerabilities

CVE-2022-0482

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.

CVSS 9.1 | AI Score 9 | EPSS 0.244

2022-03-09 11:15 AM

CVE-2022-1397

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.

CVSS 8.8 | AI Score 8.7 | EPSS 0.001

2022-05-10 02:15 PM

CVE-2023-1269

Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVSS 9.8 | AI Score 6.7 | EPSS 0.002

2023-03-08 11:15 AM

CVE-2023-1367

Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVSS 3.8 | AI Score 5.2 | EPSS 0.001

2023-03-13 09:15 AM

CVE-2023-2102

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVSS 4.8 | AI Score 5.1 | EPSS 0.001

2023-04-15 01:15 PM

CVE-2023-2103

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVSS 5.4 | AI Score 4.5 | EPSS 0.001

2023-04-15 02:15 PM

CVE-2023-2104

Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVSS 5.4 | AI Score 5.4 | EPSS 0.001

2023-04-15 02:15 PM

CVE-2023-2105

Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVSS 8.8 | AI Score 6.1 | EPSS 0.002

2023-04-15 02:15 PM

CVE-2023-3286

A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation.

CVSS 7.7 | AI Score 7.1 | EPSS 0.0005

2024-07-09 11:15 AM

CVE-2023-3287

A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation.

CVSS 9.9 | AI Score 9.1 | EPSS 0.001

2024-07-09 11:15 AM

CVE-2023-3288

A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation.

CVSS 8.8 | AI Score 8.3 | EPSS 0.001

2024-07-09 11:15 AM

CVE-2023-3289

A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation.

CVSS 7.7 | AI Score 7.2 | EPSS 0.0005

2024-07-09 11:15 AM

CVE-2023-3290

A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.

CVSS 5 | AI Score 4.9 | EPSS 0.0004

2024-07-09 11:15 AM

CVE-2023-3700

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVSS 6.3 | AI Score 4.5 | EPSS 0.001

2023-07-17 07:15 AM

CVE-2023-38047

A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

CVSS 8.5 | AI Score 8 | EPSS 0.001

2024-07-09 11:15 AM

CVE-2023-38048

A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.

CVSS 9.9 | AI Score 8.9 | EPSS 0.001

2024-07-09 11:15 AM

CVE-2023-38049

A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

CVSS 9.9 | AI Score 8.9 | EPSS 0.001

2024-07-09 11:15 AM

CVE-2023-38050

A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

CVSS 9.1 | AI Score 8.7 | EPSS 0.001

2024-07-09 11:15 AM

CVE-2023-38051

A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.

CVSS 9.9 | AI Score 8.9 | EPSS 0.001

2024-07-09 11:15 AM

CVE-2023-38052

A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.

CVSS 9.9 | AI Score 8.7 | EPSS 0.001

2024-07-09 11:15 AM

CVE-2023-38053

A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

CVSS 9.9 | AI Score 8.9 | EPSS 0.001

2024-07-09 11:15 AM

CVE-2023-38054

A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.

CVSS 9.9 | AI Score 8.9 | EPSS 0.001

2024-07-09 11:15 AM

CVE-2023-38055

A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

CVSS 9.6 | AI Score 8.8 | EPSS 0.001

2024-07-09 11:15 AM

CVE-2024-2844

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users order...

CVSS 4.3 | AI Score 5.4 | EPSS 0.0004

2024-03-29 06:15 AM