CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32720 – WordPress Appointment Hour Booking plugin <= 1.4.56 - Captcha Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-32720
22 Apr 2024 — Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality.This issue affects Appointment Hour Booking: from n/a through 1.4.56. La vulnerabilidad de restricción incorrecta de intentos de autenticación excesivos en CodePeople Appointment Hour Booking permite eliminar funciones importantes del cliente. Este problema afecta a Appointment Hour Booking: desde n/a hasta 1.4.56. The Appointment Hour Booking plugin f... • https://patchstack.com/database/vulnerability/appointment-hour-booking/wordpress-appointment-hour-booking-plugin-1-4-56-captcha-bypass-vulnerability?_s_id=cve • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-804: Guessable CAPTCHA •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45649 – WordPress Appointment Hour Booking plugin <= 1.4.23 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-45649
11 Oct 2023 — Missing Authorization vulnerability in CodePeople Appointment Hour Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Hour Booking: from n/a through 1.4.23. The Appointment Hour Booking plugin for WordPress is vulnerable to unauthorized double booking due to insufficient validation on the data_management() function in versions up to, and including, 1.4.23. This makes it possible for unauthenticated attackers to make double bookings. • https://patchstack.com/database/wordpress/plugin/appointment-hour-booking/vulnerability/wordpress-appointment-hour-booking-plugin-1-4-23-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •