Product
easyappointments
40 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-23622 (affected: <= 1.5.2)
Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() on

CVE-2025-50383 (affected: all versions)
alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter.

CVE-2025-29448 (affected: all versions)
Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durat

CVE-2025-31828 (affected: <= 1.4.2)
Cross-Site Request Forgery (CSRF) vulnerability in alextselegidis Easy!Appointments easyappointments allows Cross Site Request For

CVE-2024-57602 (affected: all versions)
An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.

CVE-2024-57601 (affected: all versions)
Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code

CVE-2023-30748 (affected: < 3.11.1)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikola Loncar Easy Appointme

CVE-2023-3290 (affected: < 1.5.0)
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. Thi

CVE-2023-3289 (affected: < 1.5.0)
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admi

CVE-2023-3288 (affected: < 1.5.0)
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This re

CVE-2023-3287 (affected: < 1.5.0)
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This res

CVE-2023-3286 (affected: < 1.5.0)
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system.

CVE-2023-38055 (affected: < 1.5.0)
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the service

CVE-2023-38054 (affected: < 1.5.0)
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low pri

CVE-2023-38053 (affected: < 1.5.0)
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the setti

CVE-2023-38052 (affected: < 1.5.0)
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileg

CVE-2023-38051 (affected: < 1.5.0)
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low

CVE-2023-38050 (affected: < 1.5.0)
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook o

CVE-2023-38049 (affected: < 1.5.0)
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an

CVE-2023-38048 (affected: < 1.5.0)
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privile

CVE-2023-38047 (affected: < 1.5.0)
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the cate

CVE-2023-32295 (affected: < 1.4.0)
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments. This issue affects Easy!Appointments: from n/a through 1.

CVE-2024-2844 (affected: < 3.11.19)
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation

CVE-2024-2842 (affected: < 3.11.9)
The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortc

CVE-2024-0698 (affected: < 1.3.2)
The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyappointments' shortc

CVE-2022-36424 (affected: <= 3.11.9)
Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions.

CVE-2023-3700 (affected: < 1.5.0)
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVE-2023-2105 (affected: < 1.5.0)
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVE-2023-2104 (affected: < 1.5.0)
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVE-2023-2103 (affected: < 1.5.0)
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVE-2023-2102 (affected: < 1.5.0)
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVE-2023-1367 (affected: < 1.5.0)
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVE-2023-1269 (affected: < 1.5.0)
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVE-2022-4668 (affected: < 3.11.2)
The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputti

CVE-2022-1397 (affected: < 1.5.0)
API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.

CVE-2022-0482 (affected: < 1.4.3)
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.

CVE-2018-13063 (affected: < 1.2.1)
Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts.

CVE-2018-13060 (affected: < 1.2.1)
Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue.

CVE-2019-14936 (affected: all versions)
Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash).

CVE-2017-15812 (affected: <= 1.11.7)
The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings values in the admin panel.