alextselegidis/easyappointments
Packagist14 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting alextselegidis/easyappointmentspage 1 of 1
- CVE-2022-0482CRITICALCVSS 9.1EG 9.1✓ Fixed in 1.4.32022-03-09
vulnerable: 1.1.0 ... 1.4.3-beta.1 (22 versions)
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
- CVE-2022-1397HIGHCVSS 8.8EG 8.82022-05-10
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.
- CVE-2023-1269CRITICALCVSS 9.8EG 9.82023-03-08
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
- CVE-2023-1367LOWCVSS 3.8EG 3.8✓ Fixed in 1.5.02023-03-13
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
- CVE-2023-2102MEDIUMCVSS 4.8EG 6.82023-04-15
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
- CVE-2023-2103MEDIUMCVSS 5.4EG 5.42023-04-15
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
- CVE-2023-2104MEDIUMCVSS 5.4EG 5.42023-04-15
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
- CVE-2023-2105HIGHCVSS 8.8EG 5.42023-04-15
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
- CVE-2023-3700MEDIUMCVSS 6.3EG 6.3✓ Fixed in 1.5.02023-07-17
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
- CVE-2024-57601MEDIUMCVSS 6.1EG 6.12025-02-12
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter.
- CVE-2024-57602CRITICALCVSS 9.8EG 9.82025-02-12
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.
- CVE-2025-29448HIGHCVSS 7.5EG 7.52025-05-07
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability.
- CVE-2025-50383HIGHCVSS 8.1EG 8.1✓ Fixed in 1.5.2-beta.12025-08-25
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter.
- CVE-2026-23622HIGHCVSS 8.8EG 8.82026-01-15
vulnerable: 1.1.0 ... 1.5.2 (24 versions)
Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perf…
Check whether alextselegidis/easyappointments is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for alextselegidis/easyappointments CVEs against the assets you own.
Start Free Scan →