easy-appointments easy_appointments の CVE(6 件)

CVE 件数: 6 CPE versions: View versions table

概要

本ページは easy-appointments easy_appointments に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。

表示中 16 / 6 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2023-30748 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikola Loncar Easy Appointments allows Stored XSS.This issue affects Easy Appointments: from n/a through 3.10.7. [email protected] 4.3 0.34% 2024-12-09 2026-06-17
CVE-2024-2844 The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders. [email protected] 4.3 0.43% 2024-03-29 2026-06-17
CVE-2024-2842 The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. [email protected] 6.4 0.32% 2024-03-29 2026-06-17
CVE-2022-36424 Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions. [email protected] 4.3 0.26% 2023-07-17 2026-06-17
CVE-2022-4668 The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. [email protected] 5.4 0.47% 2023-01-23 2026-06-17
CVE-2017-15812 The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings values in the admin panel. [email protected] 6.1 0.73% 2017-10-23 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence