Easy Appointments WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability allowing sensitive information exposure has been identified in the Easy Appointments WordPress plugin, in all versions through 3.12.21. The issue arises from the REST API endpoint '/wp-json/wp/v2/eablocks/ea_appointments/' being registered with a permission callback that allows unauthenticated access. This flaw enables attackers to extract confidential customer appointment details, including names, email addresses, phone numbers, IP addresses, appointment descriptions, and pricing information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive customer appointment data.

Reproduction

The vulnerability can be reproduced by sending a GET request to the '/wp-json/wp/v2/eablocks/ea_appointments/' endpoint without authentication. This can be done using a tool like Postman or through a browser, as the endpoint is accessible to unauthenticated users.

Remediation

Users are advised to update the Easy Appointments WordPress plugin to version 3.12.22 or later.
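
For sites that ran an affected version, web server access logs show whether the endpoint was requested before the update. The following Python script is an added example, not part of the advisory or the plugin: it assumes combined-format access logs, uses constructed sample lines, and also matches the ?rest_route= query form that WordPress accepts in place of the /wp-json/ prefix.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Route from the advisory, without the /wp-json prefix or trailing slash.
ROUTE = "/wp/v2/eablocks/ea_appointments"
# Combined log format: ip ident user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2026:08:15:02 +0000] "GET /wp-json/wp/v2/eablocks/ea_appointments/ HTTP/1.1" 200 48211 "-" "curl/8.5.0"',
    '198.51.100.23 - - [10/Apr/2026:09:01:44 +0000] "GET /?rest_route=%2Fwp%2Fv2%2Feablocks%2Fea_appointments%2F HTTP/1.1" 200 48211 "-" "python-requests/2.31"',
    '192.0.2.50 - - [18/Apr/2026:11:30:00 +0000] "GET /wp-json/wp/v2/eablocks/ea_appointments/ HTTP/1.1" 401 112 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Apr/2026:09:05:10 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
]

def rest_route(target):
    """Return the REST route a request target resolves to, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    idx = path.find("/wp-json/")  # also covers installs in a subdirectory
    if idx != -1:
        route = path[idx + len("/wp-json"):]
    else:
        # Sites without pretty permalinks use ?rest_route=/namespace/route
        values = parse_qs(parts.query).get("rest_route")
        if not values:
            return None
        route = values[0]
    # Normalise slashes and case so path variants are not missed.
    return "/" + route.strip("/").lower()

def triage(lines):
    """Map client IP -> [(time, status, size)] for GET requests to ROUTE."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or rest_route(m["target"]) != ROUTE:
            continue
        size = int(m["size"]) if m["size"].isdigit() else 0
        hits[m["ip"]].append((m["time"], int(m["status"]), size))
    return dict(hits)

def exposed(hits):
    """IPs that received a 200 response with a body, so likely received data."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(status == 200 and size > 0 for _, status, size in reqs))

if __name__ == "__main__":
    print(exposed(triage(SAMPLE_LOG)))
```

Access logs do not record whether a request carried a valid session, so each 200 response dated before the update needs to be reviewed as a possible disclosure.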

Added: Apr 18, 2026, 12:34 AM
Updated: Apr 18, 2026, 12:34 AM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 9.3
remediation: 7.7
relevance: 6.2
threat: 5.8
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.