cvebase

Easy-Appointments Easy Appointments vulnerabilities

6 known vulnerabilities affecting easy-appointments/easy_appointments.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 5

Vulnerabilities

CVE-2022-36424 | P3 | HIGH | CVSS 8.8 | ≤ 3.11.9 | 2023-07-17
CWE-352. Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions.
Source: nvd
CVE-2023-30748 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.11.1 | 2024-12-09
CWE-79. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikola Loncar Easy Appointments allows Stored XSS. This issue affects Easy Appointments: from n/a through 3.10.7.
Source: nvd
CVE-2022-4668 | P4 | MEDIUM | CVSS 5.4 | fixed in 3.11.2 | 2023-01-23
CWE-79. The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Source: nvd
CVE-2017-15812 | P4 | MEDIUM | CVSS 6.1 | ≤ 1.11.7 | 2017-10-23
CWE-79. The Easy Appointments plugin before 1.12.0 for WordPress has XSS via Settings values in the admin panel.
Source: nvd
CVE-2024-2842 | P4 | MEDIUM | CVSS 5.4 | fixed in 3.11.9 | 2024-03-29
CWE-79. The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and
Source: nvd
CVE-2024-2844 | P4 | MEDIUM | CVSS 4.3 | fixed in 3.11.19 | 2024-03-29
CWE-862. The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users' orders.
Source: nvd