Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
alextselegidis

Vulnerabilities

CVE-2023-38054

CRITICAL

A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.

Published Jul 09, 2024

CVE-2023-38049

CRITICAL

A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

Published Jul 09, 2024

CVE-2023-3290

MEDIUM

A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.

Published Jul 09, 2024

CVE-2023-3285

HIGH

A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation.

Published Jul 09, 2024

CVE-2024-0698

MEDIUM

The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Published Mar 05, 2024

CVE-2023-3700

MEDIUM

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

Published Jul 17, 2023

CVE-2023-3568

MEDIUM

Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

Published Jul 10, 2023

CVE-2023-2104

MEDIUM

Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

Published Apr 15, 2023

CVE-2023-2103

MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

Published Apr 15, 2023

CVE-2023-2105

MEDIUM

Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

Published Apr 15, 2023

CVE-2023-2102

MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

Published Apr 15, 2023

CVE-2023-1367

MEDIUM

Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

Published Mar 13, 2023

CVE-2023-1269

MEDIUM

Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

Published Mar 08, 2023

CVE-2022-1397

HIGH

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.

Published May 10, 2022

CVE-2022-0482

CRITICAL

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.

Published Mar 09, 2022