MEDIUM
easyappointments
CVE published 2026-07-10
CVE-2026-11992
The Easy Appointments plugin for WordPress has an authorization bypass vulnerability in all versions up to and including 3.12.27. This allows authenticated attackers with author-level access and above to cancel all upcoming appointments site-wide by marking every future appointment as abandoned. The vulnerability has a CVSS score of 4.3 and a severity of MEDIUM. Users of the Easy Appointments plugin for W [truncated]