Easyappointments Easy\!appointments

9 CVEs affecting Easyappointments Easy\!appointments. Latest disclosed: 2026-01-15. Critical: 0, High: 4.

Top CVEs affecting Easyappointments Easy\!appointments
CVESeverityScorePublishedSummary
CVE-2026-23622High8.82026-01-15Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST req…
CVE-2025-50383High8.12025-08-25alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter.
CVE-2025-29448High7.52025-05-07Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of ser…
CVE-2018-13063High7.52020-03-16Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts.
CVE-2018-13060Medium6.52020-03-16Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue.
CVE-2024-0698Medium6.42024-03-05The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyappointments' shortcode in all versions up to, an…
CVE-2023-32295Medium6.32024-04-11Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3.
CVE-2019-14936Medium5.32019-09-11Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash).
CVE-2025-31828Medium4.32025-04-01Cross-Site Request Forgery (CSRF) vulnerability in alextselegidis Easy!Appointments easyappointments allows Cross Site Request Forgery.This issue affects Easy!…