Export limit exceeded: 324783 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (28 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23622 | 2 Alextselegidis, Easyappointments | 2 Easyappointments, Easy\!appointments | 2026-01-28 | 8.8 High |
| Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET (or $_REQUEST), so an attacker can perform CSRF by forcing a victim's browser to issue a crafted GET request. Impact: creation of admin accounts, modification of admin email/password, and full admin account takeover. | ||||
| CVE-2025-50383 | 2 Alextselegidis, Easyappointments | 2 Easyappointments, Easy\!appointments | 2025-10-01 | 8.1 High |
| alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter. | ||||
| CVE-2024-57601 | 1 Easyappointments | 1 Easyappointments | 2025-09-29 | 6.1 Medium |
| Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter. | ||||
| CVE-2024-57602 | 1 Easyappointments | 1 Easyappointments | 2025-03-18 | 9.8 Critical |
| An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file. | ||||
| CVE-2023-1269 | 1 Easyappointments | 1 Easyappointments | 2025-03-05 | 9.8 Critical |
| Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-1367 | 1 Easyappointments | 1 Easyappointments | 2025-02-27 | 3.8 Low |
| Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-2105 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | 8.8 High |
| Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-2104 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | 5.4 Medium |
| Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-2103 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-2102 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2024-2844 | 2 Easy-appointments, Easyappointments | 2 Easy Appointments, Easyappointments | 2025-02-05 | 4.3 Medium |
| The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders. | ||||
| CVE-2023-3700 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 6.3 Medium |
| Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-3290 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 5 Medium |
| A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation. | ||||
| CVE-2023-3289 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 7.7 High |
| A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation. | ||||
| CVE-2023-3288 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 8.5 High |
| A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation. | ||||
| CVE-2023-3287 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.9 Critical |
| A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation. | ||||
| CVE-2023-3286 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 7.7 High |
| A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation. | ||||
| CVE-2023-38055 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.6 Critical |
| A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation. | ||||
| CVE-2023-38054 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.9 Critical |
| A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation. | ||||
| CVE-2023-38053 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.9 Critical |
| A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation. | ||||