Lucene search
+L
Easy-appointmentsEasy Appointments

6 matches found

CVE
CVE
added 2023/01/23 2:31 p.m.68 views

CVE-2022-4668

CVE-2022-4668 affects the Easy Appointments WordPress plugin (versions before 3.11.2). The issue is that shortcode attributes are not validated/escaped before output, enabling Stored Cross‑Site Scripting by users with as little as a contributor against high‑privilege users (e.g., admins). A PoC e...

5.4CVSS5.3AI score0.00471EPSS
CVE
CVE
added 2024/03/29 5:35 a.m.64 views

CVE-2024-2844

CVE-2024-2844 concerns the Easy Appointments WordPress plugin. The vulnerability arises from insufficient user validation in ajax_cancel_appointment(), allowing an unauthenticated attacker to cancel other users’ orders. Affected version range includes all versions up to and including 3.11.18. The...

4.3CVSS5.4AI score0.00435EPSS
CVE
CVE
added 2024/03/29 5:35 a.m.57 views

CVE-2024-2842

CVE-2024-2842 concerns the WordPress plugin Easy Appointments. The vulnerability is a Stored Cross-Site Scripting flaw in the plugin’s ea_full_calendar shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes. Affected versions are all versions up to an...

6.4CVSS7.6AI score0.00323EPSS
CVE
CVE
added 2017/10/23 5:0 p.m.49 views

CVE-2017-15812

CVE-2017-15812 concerns the WordPress plugin Easy Appointments (before 1.12.0). The vulnerability is a cross-site scripting (XSS) flaw in the admin panel’s Settings values, allowing injection via the settings UI. The issue is evidenced across multiple sources in the connected documents, which con...

6.1CVSS5.9AI score0.00728EPSS
CVE
CVE
added 2024/12/09 11:31 a.m.47 views

CVE-2023-30748

CVE-2023-30748 affects WordPress WordPress Easy Appointments plugin, vulnerability: stored XSS due to improper input neutralization during page generation. Applicable to versions

6.1CVSS4.6AI score0.00341EPSS
CVE
CVE
added 2023/07/17 3:12 p.m.43 views

CVE-2022-36424

CVE-2022-36424 documents a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Easy Appointments, affecting versions up to and including 3.11.9. The issue, caused by insufficient CSRF protection for multiple AJAX actions, could allow an attacker to trigger unintended actions o...

8.8CVSS6.5AI score0.00256EPSS