Easy Appointments < 3.11.10 – Cross-Site Request Forgery | CVE 2022-36424

Affects Plugins

Fixed in 3.11.10

References

CVE

CVE-2022-36424

URL

https://patchstack.com/database/vulnerability/easy-appointments/wordpress-easy-appointments-plugin-3-11-9-cross-site-request-forgery-csrf-vulnerability

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Lana Codes

Verified

No

WPVDB ID

0b061f8a-bb68-476d-9800-4fa76f0f1f94

Timeline

Publicly Published

2023-05-05 (about 2 years ago)

Added

2023-07-18 (about 2 years ago)

Last Updated

2023-07-18 (about 2 years ago)

Other

Published

Title

Published

2024-02-20

Title

RegistrationMagic < 5.2.6.0 - Cross-Site Request Forgery

Published

2025-02-03

Title

ShopSite < 1.5.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2024-10-15

Title

File Manager Pro < 8.3.10 - Cross-Site Request Forgery to Arbitrary File Upload

Published

2025-04-04

Title

JobWP < 2.4.0 - Cross-Site Request Forgery

Published

2021-07-06

Title

WP HTML Mail < 3.0.8 - CSRF to XSS