alextselegidis

A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (custo…

A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any …

A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauth…

A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This r…

The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and incl…

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.