Skip to main content

Appointment Hour Booking

8 CVEs product

Monthly

CVE-2022-4036 MEDIUM PATCH This Month

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Appointment Hour Booking
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-4035 HIGH PATCH This Week

The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Appointment Hour Booking
NVD VulDB
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-4034 MEDIUM PATCH This Month

The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required.

RCE WordPress Appointment Hour Booking
NVD VulDB
CVSS 3.1
5.8
EPSS
4.2%
CVE-2022-41692 HIGH This Week

Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Appointment Hour Booking
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-1710 MEDIUM POC This Month

The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Appointment Hour Booking
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24712 MEDIUM POC This Month

The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Appointment Hour Booking
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24673 MEDIUM POC This Month

The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Appointment Hour Booking
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-13505 MEDIUM POC This Month

The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Appointment Hour Booking
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Appointment Hour Booking
NVD VulDB
EPSS 2% CVSS 7.2
HIGH PATCH This Week

The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Appointment Hour Booking
NVD VulDB
EPSS 4% CVSS 5.8
MEDIUM PATCH This Month

The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required.

RCE WordPress Appointment Hour Booking
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Appointment Hour Booking
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Appointment Hour Booking
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Appointment Hour Booking
NVD WPScan
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Appointment Hour Booking
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Appointment Hour Booking
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy