Vendor
The Easy Appointments WordPress plugin through version 3.12.21 exposes sensitive customer appointment data, including names, emails, phone numbers, and IP addresses, due to an improperly secured REST API endpoint.