WordPress Plugin Vulnerabilities

Easy Appointments < 3.12.22 - Missing Authorization

Description

The Easy Appointments plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.12.21. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
easy-appointments
Fixed in 3.12.22

References

CVE
CVE-2026-39513
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/c8f0456d-078e-4962-98a3-d1451b01b75f

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Martín Martín
Verified
No
WPVDB ID
ee399e63-7a6b-4b59-b604-391c3747c360

Timeline

Publicly Published
2026-04-13 (about 1 month ago)
Added
2026-04-21 (about 22 days ago)
Last Updated
2026-04-21 (about 22 days ago)

Other

Published
Title
Published
2024-11-27
Title
Image Alt Text < 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Image Alt Text Update
Published
2024-02-26
Title
ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings Update
Published
2025-04-24
Title
WP Customize Login Page <= 1.6.5 - Missing Authorization
Published
2022-11-09
Title
WPML < 4.5.11 - Subscriber+ Translation Job Status Update
Published
2022-11-01
Title
WatchTowerHQ < 3.6.16 - Unauthenticated Arbitrary File Access