Information Exposure Affecting alextselegidis/easyappointments package, versions <1.6.0


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.19% (9th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PHP-ALEXTSELEGIDISEASYAPPOINTMENTS-17972367
  • published14 Jul 2026
  • disclosed14 Jul 2026
  • creditUnknown

Introduced: 14 Jul 2026

NewCVE-2026-55651  (opens in a new tab)
CWE-200  (opens in a new tab)

How to fix?

Upgrade alextselegidis/easyappointments to version 1.6.0 or higher.

Overview

alextselegidis/easyappointments is a powerful Open Source Appointment Scheduler that can be installed on your server.

Affected versions of this package are vulnerable to Information Exposure via the customers search endpoint. An attacker can access appointment hashes belonging to other users by sending crafted requests, allowing them to modify or delete appointments of other providers.

References

CVSS Base Scores

version 4.0
version 3.1