CVE Tools

easyappointments

Web & CMS Pluginscommercial

20

Cumulative CVEs

3

Monthly snapshots

#54

Peak rank

Top products

easyappointments14

Latest CVEs

The 15 most recently published vulnerabilities affecting easyappointments.

CVE-2026-2262Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API7.5Apr 17, 2026
CVE-2026-23622CSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeover8.8Jan 15, 2026
CVE-2025-50383alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter.8.1Aug 25, 2025
CVE-2025-29448Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking av...7.5May 7, 2025
CVE-2025-31828WordPress Easy!Appointments plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability4.3Apr 1, 2025
CVE-2024-57602An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.9.8Feb 12, 2025
CVE-2024-57601Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter.6.1Feb 12, 2025
CVE-2023-3288A BOLA vulnerability in POST /providers in EasyAppointments < 1.5.08.5Jul 9, 2024
CVE-2023-38055A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} in EasyAppointments < 1.5.09.6Jul 9, 2024
CVE-2023-38054A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} in EasyAppointments < 1.5.09.9Jul 9, 2024
CVE-2023-38053A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} in EasyAppointments < 1.5.09.9Jul 9, 2024
CVE-2023-38052A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} in EasyAppointments < 1.5.09.9Jul 9, 2024
CVE-2023-38051A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} in EasyAppointments < 1.5.09.9Jul 9, 2024
CVE-2023-38050A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} in EasyAppointments < 1.5.09.1Jul 9, 2024
CVE-2023-38049A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} in EasyAppointments < 1.5.09.9Jul 9, 2024