Easyappointments

easyappointments

34 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Easy!appointments

easy!appointments

CVEs (34)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-32295 1Easyappointments 1Easy!appointments Jun 17, 2025 Apr 11, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3.
CVE-2024-0698 1Easyappointments 1Easy!appointments Apr 8, 2026 Mar 5, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyappointments' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and...Show more The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyappointments' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2023-3700 1Easyappointments 1Easy!appointments Nov 21, 2024 Jul 17, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-2105 1Easyappointments 1Easy!appointments Feb 6, 2025 Apr 15, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-2104 1Easyappointments 1Easy!appointments Feb 6, 2025 Apr 15, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-2103 1Easyappointments 1Easy!appointments Feb 6, 2025 Apr 15, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-2102 1Easyappointments 1Easy!appointments Feb 6, 2025 Apr 15, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-1367 1Easyappointments 1Easy!appointments Nov 21, 2024 Mar 13, 2023 N/A· v4 3.8 LOW· v3 N/A· v2 Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-1269 1Easyappointments 1Easy!appointments Nov 21, 2024 Mar 8, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2022-1397 1Easyappointments 1Easy!appointments Nov 21, 2024 May 10, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.
CVE-2022-0482 1Easyappointments 1Easy!appointments Nov 21, 2024 Mar 9, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
CVE-2018-13063 1Easyappointments 1Easy!appointments Nov 21, 2024 Mar 16, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts.
CVE-2018-13060 1Easyappointments 1Easy!appointments Nov 21, 2024 Mar 16, 2020 N/A· v4 6.5 MEDIUM· v3 5.0 MEDIUM· v2 Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue.
CVE-2019-14936 1Easyappointments 1Easy!appointments Nov 21, 2024 Sep 11, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash).