Easy Appointments@* Security Vulnerabilities and Issues — Easy Appointments@* CVE List

Lucene search

Easy-appointmentsEasy Appointments*

4 matches found

CVE•added 2023/01/23 3:15 p.m.•50 views

CVE-2022-4668

The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privi...

5.4CVSS5.3AI score0.00119EPSS

CVE•added 2024/03/29 6:15 a.m.•47 views

CVE-2024-2844

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users order...

4.3CVSS5.4AI score0.00086EPSS

CVE•added 2024/03/29 6:15 a.m.•38 views

CVE-2024-2842

The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auth...

6.4CVSS7.6AI score0.00168EPSS

CVE•added 2024/12/09 1:15 p.m.•37 views

CVE-2023-30748

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikola Loncar Easy Appointments allows Stored XSS.This issue affects Easy Appointments: from n/a through 3.10.7.

6.1CVSS4.6AI score0.00088EPSS