PatchSiren

easyappointments CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM easyappointments CVE published 2026-07-10

CVE-2026-11992

The Easy Appointments plugin for WordPress has an authorization bypass vulnerability in all versions up to and including 3.12.27. This allows authenticated attackers with author-level access and above to cancel all upcoming appointments site-wide by marking every future appointment as abandoned. The vulnerability has a CVSS score of 4.3 and a severity of MEDIUM. Users of the Easy Appointments plugin for W [truncated]