← Back

Easy Appointments

easy-appointments

6 CVEs • 1 product

Products (1)

Click to collapse
Toggle

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Easy Appointments
1Easy Appointments
Jun 17, 2026
Dec 9, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikola Loncar Easy Appointments allows Stored XSS.This issue affects Easy Appointments: from n/a through 3.10.7.
1Easy Appointments
1Easy Appointments
Jun 17, 2026
Mar 29, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. T...Show more
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders.Show less
1Easy Appointments
1Easy Appointments
Jun 17, 2026
Mar 29, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization a...Show more
The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
1Easy Appointments
1Easy Appointments
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions.
1Easy Appointments
1Easy Appointments
Jun 17, 2026
Jan 23, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to per...Show more
The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.Show less
1Easy Appointments
1Easy Appointments
May 13, 2026
Oct 23, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings values in the admin panel.