Easy Appointments

3 CVEs product

CVE-2026-39513 HIGH This Week

Unauthenticated information disclosure in the Easy Appointments WordPress plugin (versions ≤ 3.12.21) allows remote attackers to access protected appointment data without authentication due to missing authorization checks. Patchstack reports the issue as a broken access control flaw with high confidentiality impact (CVSS 7.5); no public exploit identified at time of analysis, and the plugin is not currently listed in CISA KEV.

Authentication Bypass Easy Appointments
NVD
CVSS 3.1: 7.5
EPSS: 0.3%

CVE-2025-50383 PHP HIGH POC PATCH This Week

alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.

SQLi Easy Appointments
NVD GitHub
CVSS 3.1: 8.1
EPSS: 0.0%

CVE-2025-29448 PHP HIGH PATCH This Week

Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future bookings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity.

Authentication Bypass Denial Of Service Easy Appointments
NVD GitHub
CVSS 3.1: 7.5
EPSS: 0.5%