Easyappointments Easy\!appointments
9 CVEs affecting Easyappointments Easy\!appointments. Latest disclosed: 2026-01-15. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-23622 | High | 8.8 | 2026-01-15 | Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST req… |
CVE-2025-50383 | High | 8.1 | 2025-08-25 | alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter. |
CVE-2025-29448 | High | 7.5 | 2025-05-07 | Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of ser… |
CVE-2018-13063 | High | 7.5 | 2020-03-16 | Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts. |
CVE-2018-13060 | Medium | 6.5 | 2020-03-16 | Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue. |
CVE-2024-0698 | Medium | 6.4 | 2024-03-05 | The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyappointments' shortcode in all versions up to, an… |
CVE-2023-32295 | Medium | 6.3 | 2024-04-11 | Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3. |
CVE-2019-14936 | Medium | 5.3 | 2019-09-11 | Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash). |
CVE-2025-31828 | Medium | 4.3 | 2025-04-01 | Cross-Site Request Forgery (CSRF) vulnerability in alextselegidis Easy!Appointments easyappointments allows Cross Site Request Forgery.This issue affects Easy!… |