Filtered by vendor Easyappointments
Subscriptions
Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-2103 | 1 Easyappointments | 1 Easyappointments | 2024-08-02 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
CVE-2023-2105 | 1 Easyappointments | 1 Easyappointments | 2024-08-02 | 8.8 High |
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
CVE-2023-2102 | 1 Easyappointments | 1 Easyappointments | 2024-08-02 | 4.8 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
CVE-2023-2104 | 1 Easyappointments | 1 Easyappointments | 2024-08-02 | 5.4 Medium |
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
CVE-2023-1367 | 1 Easyappointments | 1 Easyappointments | 2024-08-02 | 3.8 Low |
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
CVE-2023-1269 | 1 Easyappointments | 1 Easyappointments | 2024-08-02 | 9.8 Critical |
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
CVE-2024-2844 | 1 Easyappointments | 1 Easyappointments | 2024-08-01 | 4.3 Medium |
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders. |