Hacking code to make the internet a safer place.

Over the last few years, I discovered more than 70 new vulnerabilities, half of which are in open-source software.

Easy!Appointments

API Privilege Escalation

CVE-2022-1397

Privilege escalation occurs when a user gains access to more resources or functionality than they are normally allowed. In the Easy!Appointments API, authorization is checked only against the user's existence, without validating that user's permissions. As a result, a low-privileged user can take over the system.
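The flaw class described above, as an added example that is not Easy!Appointments code: a hypothetical API guard that only confirms the caller is a valid user, beside a version that also checks the caller's role against a permission table. All account names, roles and resource names are constructed for illustration.

```python
# Added illustration of the flaw class; not code from Easy!Appointments.
# USERS, PERMISSIONS, the roles and the resources are constructed sample data.
import hmac

# username -> (password, role); plaintext only to keep the sample short
USERS = {
    "alice": ("alice-pass", "admin"),
    "bob": ("bob-pass", "customer"),
}

# role -> resource -> allowed actions
PERMISSIONS = {
    "admin": {"appointments": {"read", "write"}, "users": {"read", "write"}},
    "customer": {"appointments": {"read"}},
}


def authenticate(username, password):
    """Return the role of a valid user, or None if the credentials are wrong."""
    record = USERS.get(username)
    if record is None:
        return None
    stored_password, role = record
    if not hmac.compare_digest(stored_password.encode(), password.encode()):
        return None
    return role


def authorize_flawed(username, password, resource, action):
    """Flawed: any account that exists and authenticates may do anything."""
    return authenticate(username, password) is not None


def authorize_fixed(username, password, resource, action):
    """Fixed: the authenticated role must hold the action on the resource."""
    role = authenticate(username, password)
    if role is None:
        return False
    # Deny by default: unknown roles or resources grant nothing.
    return action in PERMISSIONS.get(role, {}).get(resource, set())
```

A regression test for this class of bug should call every privileged endpoint with a valid low-privileged account and expect a denial, since tests that only use admin or unauthenticated callers pass against both versions.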

WordPress