Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29448 | 1 Easyappointments | 1 Easy\!appointments | 2026-01-28 | N/A | 7.5 HIGH |
| Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability. | |||||
| CVE-2026-23622 | 1 Easyappointments | 1 Easy\!appointments | 2026-01-28 | N/A | 8.8 HIGH |
| Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET (or $_REQUEST), so an attacker can perform CSRF by forcing a victim's browser to issue a crafted GET request. Impact: creation of admin accounts, modification of admin email/password, and full admin account takeover. | |||||
| CVE-2025-50383 | 1 Easyappointments | 1 Easy\!appointments | 2025-10-01 | N/A | 8.1 HIGH |
| alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter. | |||||
| CVE-2025-31828 | 1 Easyappointments | 1 Easy\!appointments | 2025-07-08 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in alextselegidis Easy!Appointments allows Cross Site Request Forgery. This issue affects Easy!Appointments: from n/a through 1.4.2. | |||||
| CVE-2023-32295 | 1 Easyappointments | 1 Easy\!appointments | 2025-06-17 | N/A | 6.3 MEDIUM |
| Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3. | |||||
| CVE-2019-14936 | 1 Easyappointments | 1 Easy\!appointments | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash). | |||||
| CVE-2018-13063 | 1 Easyappointments | 1 Easy\!appointments | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts. | |||||
| CVE-2018-13060 | 1 Easyappointments | 1 Easy\!appointments | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue. | |||||