Easyappointments Easy!appointments — known CVE vulnerabilities
Every CVE whose affected-product data names Easyappointments Easy!appointments, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-23622 — CVSS 8.8 (high): Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only…
CVE-2025-50383 — CVSS 8.1 (high): alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter.
CVE-2025-29448 — CVSS 7.5 (high): Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations…
CVE-2018-13063 — CVSS 7.5 (high): Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts.
CVE-2024-0698 — CVSS 6.4 (medium): The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyappointments' shortcode in…
CVE-2023-32295 — CVSS 6.3 (medium): Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3.
CVE-2019-14936 — CVSS 5.3 (medium): Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash).
CVE-2025-31828 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in alextselegidis Easy!Appointments easyappointments allows Cross Site Request Forgery.This…