Filtered by vendor Easyappointments
Subscriptions
Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29448 | 1 Easyappointments | 1 Easy\!appointments | 2026-01-28 | 7.5 High |
| Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability. | ||||
| CVE-2026-23622 | 2 Alextselegidis, Easyappointments | 2 Easyappointments, Easy\!appointments | 2026-01-28 | 8.8 High |
| Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET (or $_REQUEST), so an attacker can perform CSRF by forcing a victim's browser to issue a crafted GET request. Impact: creation of admin accounts, modification of admin email/password, and full admin account takeover. | ||||
| CVE-2025-50383 | 2 Alextselegidis, Easyappointments | 2 Easyappointments, Easy\!appointments | 2025-10-01 | 8.1 High |
| alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter. | ||||
| CVE-2024-57601 | 1 Easyappointments | 1 Easyappointments | 2025-09-29 | 6.1 Medium |
| Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter. | ||||
| CVE-2025-31828 | 1 Easyappointments | 1 Easy\!appointments | 2025-07-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in alextselegidis Easy!Appointments allows Cross Site Request Forgery. This issue affects Easy!Appointments: from n/a through 1.4.2. | ||||
| CVE-2023-32295 | 1 Easyappointments | 1 Easy\!appointments | 2025-06-17 | 6.3 Medium |
| Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3. | ||||
| CVE-2024-0698 | 1 Easyappointments | 1 Easy\\!appointments | 2025-03-24 | 6.4 Medium |
| The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-57602 | 1 Easyappointments | 1 Easyappointments | 2025-03-18 | 9.8 Critical |
| An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file. | ||||
| CVE-2023-1269 | 1 Easyappointments | 1 Easyappointments | 2025-03-05 | 9.8 Critical |
| Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-1367 | 1 Easyappointments | 1 Easyappointments | 2025-02-27 | 3.8 Low |
| Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-2105 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | 8.8 High |
| Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-2104 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | 5.4 Medium |
| Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-2103 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-2102 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2024-2844 | 2 Easy-appointments, Easyappointments | 2 Easy Appointments, Easyappointments | 2025-02-05 | 4.3 Medium |
| The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders. | ||||
| CVE-2023-3700 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 6.3 Medium |
| Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-3290 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 5 Medium |
| A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation. | ||||
| CVE-2023-3289 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 7.7 High |
| A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation. | ||||
| CVE-2023-3288 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 8.5 High |
| A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation. | ||||
| CVE-2023-3287 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.9 Critical |
| A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation. | ||||