Easy-Appointments Easy Appointments vulnerabilities
6 known vulnerabilities affecting easy-appointments/easy_appointments.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 5
Vulnerabilities
CVE-2022-36424 | P3 | HIGH | CVSS 8.8 | CWE-352 | ≤ 3.11.9 | 2023-07-17
Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions.
Source: NVD
CVE-2023-30748 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 3.11.1 | 2024-12-09
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikola Loncar Easy Appointments allows Stored XSS. This issue affects Easy Appointments: from n/a through 3.10.7.
Source: NVD
CVE-2022-4668 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.11.2 | 2023-01-23
The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Source: NVD
CVE-2017-15812 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 1.11.7 | 2017-10-23
The Easy Appointments plugin before 1.12.0 for WordPress has XSS via Settings values in the admin panel.
Source: NVD
CVE-2024-2842 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.11.9 | 2024-03-29
The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and
Source: NVD
CVE-2024-2844 | P4 | MEDIUM | CVSS 4.3 | CWE-862 | fixed in 3.11.19 | 2024-03-29
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users' orders.
Source: NVD