Vulnerabilities > Easy Appointments

DATE CVE VULNERABILITY TITLE RISK
2024-12-09 CVE-2023-30748 Cross-site Scripting vulnerability in Easy-Appointments Easy Appointments
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikola Loncar Easy Appointments allows Stored XSS.This issue affects Easy Appointments: from n/a through 3.10.7.
network
low complexity
easy-appointments CWE-79
6.1
6.1
2024-03-29 CVE-2024-2842 Cross-site Scripting vulnerability in Easy-Appointments Easy Appointments
The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
easy-appointments CWE-79
5.4
5.4
2023-07-17 CVE-2022-36424 Cross-Site Request Forgery (CSRF) vulnerability in Easy-Appointments Easy Appointments
Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions.
network
low complexity
easy-appointments CWE-352
8.8
8.8
2023-01-23 CVE-2022-4668 Unspecified vulnerability in Easy-Appointments Easy Appointments
The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
network
low complexity
easy-appointments
5.4
5.4
2017-10-23 CVE-2017-15812 Cross-site Scripting vulnerability in Easy-Appointments Easy Appointments
The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings values in the admin panel.
network
low complexity
easy-appointments CWE-79
6.1
6.1