6 matches found
CVE-2022-4668
CVE-2022-4668 affects the Easy Appointments WordPress plugin (versions before 3.11.2). The issue is that shortcode attributes are not validated/escaped before output, enabling Stored Cross‑Site Scripting by users with as little as a contributor against high‑privilege users (e.g., admins). A PoC e...
CVE-2024-2844
CVE-2024-2844 concerns the Easy Appointments WordPress plugin. The vulnerability arises from insufficient user validation in ajax_cancel_appointment(), allowing an unauthenticated attacker to cancel other users’ orders. Affected version range includes all versions up to and including 3.11.18. The...
CVE-2024-2842
CVE-2024-2842 concerns the WordPress plugin Easy Appointments. The vulnerability is a Stored Cross-Site Scripting flaw in the plugin’s ea_full_calendar shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes. Affected versions are all versions up to an...
CVE-2017-15812
CVE-2017-15812 concerns the WordPress plugin Easy Appointments (before 1.12.0). The vulnerability is a cross-site scripting (XSS) flaw in the admin panel’s Settings values, allowing injection via the settings UI. The issue is evidenced across multiple sources in the connected documents, which con...
CVE-2023-30748
CVE-2023-30748 affects WordPress WordPress Easy Appointments plugin, vulnerability: stored XSS due to improper input neutralization during page generation. Applicable to versions
CVE-2022-36424
CVE-2022-36424 documents a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Easy Appointments, affecting versions up to and including 3.11.9. The issue, caused by insufficient CSRF protection for multiple AJAX actions, could allow an attacker to trigger unintended actions o...