<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Easy Appointments - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/vendors/easy-appointments/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 03 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/vendors/easy-appointments/feed.xml" rel="self" type="application/rss+xml"/><item><title>Easy Appointments WordPress Plugin Sensitive Data Exposure</title><link>https://feed.craftedsignal.io/briefs/2024-01-easy-appointments-leak/</link><pubDate>Wed, 03 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-easy-appointments-leak/</guid><description>The Easy Appointments WordPress plugin through version 3.12.21 exposes sensitive customer appointment data, including names, emails, phone numbers, and IP addresses, due to an improperly secured REST API endpoint.</description><content:encoded><![CDATA[<p>The Easy Appointments plugin for WordPress, a popular tool for managing customer bookings, contains a critical vulnerability (CVE-2026-2262) affecting versions up to and including 3.12.21. The vulnerability stems from an improperly configured REST API endpoint (<code>/wp-json/wp/v2/eablocks/ea_appointments/</code>) that grants unauthenticated access to sensitive customer data. This flaw allows remote attackers to retrieve personal information, potentially leading to identity theft, phishing attacks, or other malicious activities. The affected endpoint fails to implement adequate permission checks, exposing a wide range of sensitive data. This vulnerability poses a significant risk to organizations using the Easy Appointments plugin, as it can lead to the compromise of customer data and potential legal repercussions.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated attacker identifies a WordPress site using the Easy Appointments plugin (version &lt;= 3.12.21).</li>
<li>The attacker crafts an HTTP GET request to the vulnerable REST API endpoint: <code>/wp-json/wp/v2/eablocks/ea_appointments/</code>.</li>
<li>The WordPress server processes the request without requiring authentication due to the misconfigured <code>'permission_callback' =&gt; '__return_true'</code> setting.</li>
<li>The server retrieves sensitive appointment data, including customer full names, email addresses, phone numbers, and IP addresses.</li>
<li>The server returns the data in JSON format within the HTTP response body.</li>
<li>The attacker parses the JSON response to extract the desired information.</li>
<li>The attacker can repeat the request to enumerate and collect data for all appointments stored within the plugin.</li>
<li>The attacker may use the stolen data for malicious purposes, such as identity theft, targeted phishing campaigns, or selling the data on the dark web.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-2262 can lead to the exposure of sensitive customer data, potentially affecting thousands of users. Organizations in various sectors, including healthcare, education, and small businesses that use the Easy Appointments plugin, are at risk. The exposed data includes personally identifiable information (PII) such as full names, email addresses, phone numbers, and IP addresses. This information can be used for identity theft, targeted phishing attacks, and other malicious activities, leading to financial losses, reputational damage, and legal liabilities. The CVSS v3.1 base score is 7.5, indicating a high severity vulnerability.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply the latest patch or upgrade to a version of the Easy Appointments plugin beyond 3.12.21 to remediate CVE-2026-2262.</li>
<li>Deploy the Sigma rule &quot;Detect Unauthenticated Access to Easy Appointments API Endpoint&quot; to identify potential exploitation attempts targeting the vulnerable REST API endpoint.</li>
<li>Monitor web server logs for requests to <code>/wp-json/wp/v2/eablocks/ea_appointments/</code> without proper authentication credentials to detect suspicious activity related to the exposed REST API endpoint.</li>
<li>Implement rate limiting on the <code>/wp-json/wp/v2/eablocks/ea_appointments/</code> endpoint to mitigate potential data exfiltration attempts.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>wordpress</category><category>plugin</category><category>sensitive-data-exposure</category><category>rest-api</category></item></channel></rss>