Appointment Hour Booking
Approved changes feed: RSS · Atom
cpe:2.3:a:dwbooster:appointment_hour_booking:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Dwbooster (68f45f7b-4028-5f7d-8f51-d831b376be86) |
|---|---|
| Product | Appointment Hour Booking (d32fcd61-f2ec-5cac-b6aa-1c1f22d4e1ec) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-4036 |
vulnerable | 2026-06-08 05:51:36.595512 |
Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass
MEDIUM (5.3)
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.
Published: 2022-11-29T20:34:59.668Z
Updated: 2026-04-08T17:33:29.365Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4035 |
vulnerable | 2026-06-08 05:51:36.593163 |
Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form
HIGH (7.2)
The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for unauthenticated attackers to inject iFrames when submitting a booking that will execute whenever a user accesses the injected booking details page.
Published: 2022-11-29T20:32:28.799Z
Updated: 2026-04-08T17:04:59.039Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4034 |
vulnerable | 2026-06-08 05:51:36.592553 |
Appointment Hour Booking <= 1.3.72 - CSV Injection
MEDIUM (5.8)
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
Published: 2022-11-29T20:30:15.537Z
Updated: 2026-04-08T17:16:42.410Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41692 |
vulnerable | 2026-06-08 05:48:30.796625 |
WordPress Appointment Hour Booking plugin <= 1.3.71 - Missing Authorization vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.
Published: 2022-11-18T18:54:29.858Z
Updated: 2026-04-28T16:07:49.692Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1710 |
vulnerable | 2026-06-08 05:39:13.781272 |
Appointment Hour Booking < 1.3.56 - Admin+ Stored Cross-Site Scripting
The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
Published: 2022-06-13T12:42:28.000Z
Updated: 2024-08-03T00:10:03.840Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24712 |
vulnerable | 2026-06-08 05:30:39.058956 |
Appointment Hour Booking – WordPress Booking Plugin < 1.3.17 - Authenticated Stored XSS
The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.
Published: 2021-10-11T10:45:47.000Z
Updated: 2024-08-03T19:42:16.117Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24673 |
vulnerable | 2026-06-08 05:30:38.984126 |
Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting
The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Published: 2021-10-04T11:20:18.000Z
Updated: 2024-08-03T19:42:16.089Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.