Appointment Hour Booking – Booking Calendar
Approved changes feed: RSS · Atom
cpe:2.3:a:codepeople:appointment_hour_booking_–_booking_calendar:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Codepeople (f85d1a73-9b3f-50b5-b09d-cd136586594b) |
|---|---|
| Product | Appointment Hour Booking – Booking Calendar (f697f553-1b99-568e-a132-357f323c6251) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-1083 |
vulnerable | 2026-06-03 15:14:43.734594 |
Appointment Hour Booking – Booking Calendar <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration
MEDIUM (4.4)
The Appointment Hour Booking – Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form field configuration parameters in all versions up to, and including, 1.5.60 due to insufficient input sanitization and output escaping on the 'Min length/characters' and 'Max length/characters' field configuration values. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the form builder interface. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2026-01-28T05:30:19.326Z
Updated: 2026-04-08T17:13:20.372Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4036 |
vulnerable | 2026-06-03 14:48:34.962641 |
Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass
MEDIUM (5.3)
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.
Published: 2022-11-29T20:34:59.668Z
Updated: 2026-04-08T17:33:29.365Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4035 |
vulnerable | 2026-06-03 14:48:34.960710 |
Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form
HIGH (7.2)
The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for unauthenticated attackers to inject iFrames when submitting a booking that will execute whenever a user accesses the injected booking details page.
Published: 2022-11-29T20:32:28.799Z
Updated: 2026-04-08T17:04:59.039Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4034 |
vulnerable | 2026-06-03 14:48:34.959688 |
Appointment Hour Booking <= 1.3.72 - CSV Injection
MEDIUM (5.8)
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
Published: 2022-11-29T20:30:15.537Z
Updated: 2026-04-08T17:16:42.410Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.