🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Easy Appointments

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Easy Appointments

Information

Software Type	Plugin
Software Slug	easy-appointments (view on wordpress.org)
Software Status	Active
Software Author	loncar
Software Website	easy-appointments.net
Software Downloads	1,421,782
Software Active Installs	20,000
Software Record Last Updated	April 25, 2024

6 Vulnerabilities

Easy Appointments <= 3.11.18 - Insufficient Authorization

4.3

CVE-2024-2844

Mar 28, 2024

Researcher: Krzysztof Zając

Easy Appointments <= 3.11.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-2842

Mar 28, 2024

Researcher: Krzysztof Zając

Easy Appointments <= 3.11.9 - Cross-Site Request Forgery via multiple AJAX actions

6.3

CVE-2022-36424

May 5, 2023

Researcher: István Márton

Easy Appointments <= 3.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-30748

Apr 14, 2023

Researcher: István Márton

Easy Appointments <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4668

Dec 27, 2022

Researcher: István Márton

Easy Appointments < 1.12.0 - Cross-Site Scripting

6.1

CVE-2017-15812

Oct 16, 2017

Researcher: Ricardo Sanchez

Title	CVE ID	CVSS	Researchers	Date
Easy Appointments <= 3.11.18 - Insufficient Authorization	CVE-2024-2844	4.3	Krzysztof Zając	March 28, 2024
Easy Appointments <= 3.11.18 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-2842	6.4	Krzysztof Zając	March 28, 2024
Easy Appointments <= 3.11.9 - Cross-Site Request Forgery via multiple AJAX actions	CVE-2022-36424	6.3	István Márton	May 5, 2023
Easy Appointments <= 3.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-30748	4.4	István Márton	April 14, 2023
Easy Appointments <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4668	6.4	István Márton	December 27, 2022
Easy Appointments < 1.12.0 - Cross-Site Scripting	CVE-2017-15812	6.1	Ricardo Sanchez	October 16, 2017

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation