CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32295 – WordPress Easy!Appointments plugin <= 1.3.3 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2023-32295
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3. Vulnerabilidad de autorización faltante en Alex Tselegidis Easy!Appointments. • https://patchstack.com/database/vulnerability/easyappointments/wordpress-easy-appointments-plugin-1-3-1-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3700 – Authorization Bypass Through User-Controlled Key in alextselegidis/easyappointments
https://notcve.org/view.php?id=CVE-2023-3700
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64 https://huntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2102 – Cross-site Scripting (XSS) - Stored in alextselegidis/easyappointments
https://notcve.org/view.php?id=CVE-2023-2102
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/bddc5cbeb7ff237a72943b304dcb01c653781767 https://huntr.dev/bounties/dd7c04a7-a984-4387-9ac4-24596e7ece44 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2103 – Cross-site Scripting (XSS) - Stored in alextselegidis/easyappointments
https://notcve.org/view.php?id=CVE-2023-2103
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/46a865300e94c7031cc0e315d95d3e3e56768498 https://huntr.dev/bounties/1df09505-9923-43b9-82ef-15d94bc3f9dc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2104 – Improper Access Control in alextselegidis/easyappointments
https://notcve.org/view.php?id=CVE-2023-2104
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/75b24735767868344193fb2cc56e17ee4b9ac4be https://huntr.dev/bounties/3099b8d1-c49c-41b8-a929-73ccded6fc7c • CWE-284: Improper Access Control •