CVE-2024-32720 – WordPress Appointment Hour Booking plugin <= 1.4.56 - Captcha Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-32720
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality. This issue affects Appointment Hour Booking: from n/a through 1.4.56. The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.4.56. This makes it possible for unauthenticated attackers to bypass the Captcha Verification.
• https://patchstack.com/database/vulnerability/appointment-hour-booking/wordpress-appointment-hour-booking-plugin-1-4-56-captcha-bypass-vulnerability?_s_id=cve
• CWE-307: Improper Restriction of Excessive Authentication Attempts
• CWE-804: Guessable CAPTCHA
CVE-2023-45649 – Appointment Hour Booking <= 1.4.23 - Missing Authorization to Double Booking
https://notcve.org/view.php?id=CVE-2023-45649
The Appointment Hour Booking plugin for WordPress is vulnerable to unauthorized double booking due to insufficient validation on the data_management() function in versions up to, and including, 1.4.23. This makes it possible for unauthenticated attackers to make double bookings.
• CWE-862: Missing Authorization