Shodan
Vulnerabilities
Vulnerable Software
Easyappointments:  Security Vulnerabilities
CVE-2023-38051
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38052
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38053
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38054
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38047
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
8.5
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38048
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38049
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-07-09
CVE-2023-32295
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3.
CVSS Score
6.3
EPSS Score
0.002
Published
2024-04-11
CVE-2024-0698
The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-03-05
CVE-2023-3700
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-07-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved