CVE-2024-2844

Name of the Vulnerable Software and Affected Versions Easy Appointments plugin for WordPress versions up to, and including, 3.11.18

Description The issue arises from insufficient user validation on the ajax cancel appointment() function, allowing unauthenticated attackers to cancel other users' orders. This enables unauthorized modification of data.

Recommendations For versions up to, and including, 3.11.18, update to a version higher than 3.11.18 to resolve the issue. As a temporary workaround, consider disabling the ajax cancel appointment() function until a patch is available.