CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32720 – WordPress Appointment Hour Booking plugin <= 1.4.56 - Captcha Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-32720
22 Apr 2024 — Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality.This issue affects Appointment Hour Booking: from n/a through 1.4.56. La vulnerabilidad de restricción incorrecta de intentos de autenticación excesivos en CodePeople Appointment Hour Booking permite eliminar funciones importantes del cliente. Este problema afecta a Appointment Hour Booking: desde n/a hasta 1.4.56. The Appointment Hour Booking plugin f... • https://patchstack.com/database/vulnerability/appointment-hour-booking/wordpress-appointment-hour-booking-plugin-1-4-56-captcha-bypass-vulnerability?_s_id=cve • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-804: Guessable CAPTCHA •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45649 – WordPress Appointment Hour Booking plugin <= 1.4.23 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-45649
11 Oct 2023 — Missing Authorization vulnerability in CodePeople Appointment Hour Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Hour Booking: from n/a through 1.4.23. The Appointment Hour Booking plugin for WordPress is vulnerable to unauthorized double booking due to insufficient validation on the data_management() function in versions up to, and including, 1.4.23. This makes it possible for unauthenticated attackers to make double bookings. • https://patchstack.com/database/wordpress/plugin/appointment-hour-booking/vulnerability/wordpress-appointment-hour-booking-plugin-1-4-23-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4034 – Appointment Hour Booking <= 1.3.72 - CSV Injection
https://notcve.org/view.php?id=CVE-2022-4034
29 Nov 2022 — The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. El complemento Appointment Hour Booking para WordPress es ... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2803896%40appointment-hour-booking&new=2803896%40appointment-hour-booking&sfp_email=&sfph_mail= • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4035 – Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form
https://notcve.org/view.php?id=CVE-2022-4035
29 Nov 2022 — The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for unauthenticated attackers to inject iFrames when submitting a booking that will execute whenever a user accesses the injected booking details page. El complemento Appointment Hour Booking para WordPress es vulnerab... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2803896%40appointment-hour-booking&new=2803896%40appointment-hour-booking&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4036 – Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass
https://notcve.org/view.php?id=CVE-2022-4036
29 Nov 2022 — The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie. El complemento Appointment Hour Booking para WordPress es vulnerable a la omisión de CAPTCHA en versiones hasta la 1.3.72 incluida. Esto se debe al uso de un algoritmo hash insuficientemente potente en el secreto del CAPTCHA, que también se muestra al... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2803896%40appointment-hour-booking&new=2803896%40appointment-hour-booking&sfp_email=&sfph_mail= • CWE-326: Inadequate Encryption Strength CWE-804: Guessable CAPTCHA •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41692 – WordPress Appointment Hour Booking plugin <= 1.3.71 - Missing Authorization vulnerability
https://notcve.org/view.php?id=CVE-2022-41692
30 Oct 2022 — Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. Vulnerabilidad de autorización faltante en el complemento Appointment Hour Booking en WordPress en versiones <= 1.3.71. The Appointment Hour Booking plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the cpapphb_feedback function in versions up to, and including, 1.3.71. This makes it possible for authenticated attackers, with subscriber-level permissions and above, ... • https://patchstack.com/database/vulnerability/appointment-hour-booking/wordpress-appointment-hour-booking-plugin-1-3-71-missing-authorization-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1710 – Appointment Hour Booking < 1.3.56 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1710
23 May 2022 — The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. El plugin Appointment Hour Booking para WordPress versiones anteriores a 1.3.56, no sanea y escapa de una configuración de sus campos de Calendario, lo que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso ... • https://wpscan.com/vulnerability/ed162ccc-88e6-41e8-b24d-1b9f77a038b6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24712 – Appointment Hour Booking – WordPress Booking Plugin < 1.3.17 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24712
10 Sep 2021 — The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars. El plugin Appointment Hour Booking de WordPress versiones anteriores a 1.3.17, no sanea correctamente los valores usados cuando se crean nuevos calendarios • https://wpscan.com/vulnerability/e677e51b-0d3f-44a5-9fcd-c159786b9926 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24673 – Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24673
06 Sep 2021 — The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El plugin Appointment Hour Booking de WordPress versiones anteriores a 1.3.16, no escapa a algunos de los ajustes del formulario del calendario, que permite a usuarios con privilegios elevados llevar a cabo ataques de tipo Cross-Site Scripting Almacenado incluso cuan... • https://wpscan.com/vulnerability/75a67932-d831-4dfb-a70d-a07650eaa755 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13505 – Appointment Hour Booking – WordPress Booking Plugin <= 1.1.45 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-13505
09 Jul 2019 — The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. El plugin Appointment Hour Booking versión 1.1.44 para WordPress, permite una vulnerabilidad de tipo XSS por medio del campo E-mail, como es demostrado por email_1. • https://github.com/ivoschyk-cs/CVE-s/blob/master/Appointment%20Hour%20Booking%20%E2%80%93%20WordPress%20Booking%20Plugin%20--%20stored%20XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •