Easyappointments: Security Vulnerabilities
The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-03-05
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-07-17
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-04-15
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-15
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-04-15
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-04-15
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
6.0
EPSS Score
0.001
Published
2023-03-13
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-03-08
API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-05-10
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
CVSS Score
9.1
EPSS Score
0.933
Published
2022-03-09