Security Advisory

CVE-2024-2844

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-03-29 05:35:33

Last updated 2026-04-08 17:19:42

Assigner Wordfence

State PUBLISHED

Description

The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders.

← Browse all CVEs View on cve.org ↗