cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-4036,https://securityvulnerability.io/vulnerability/CVE-2022-4036,CAPTCHA Bypass in Appointment Hour Booking Plugin for WordPress,"The Appointment Hour Booking plugin for WordPress has a vulnerability that allows attackers to bypass CAPTCHA protections due to the use of an insufficiently strong hashing algorithm on the CAPTCHA secret, which is also exposed to the user via a cookie. This weakness could enable unauthorized access to secure areas of a WordPress site in versions up to, and including, 1.3.72.",Wordpress,Appointment Hour Booking – WordPress Booking Plugin,5.3,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2022-11-29T20:34:59.668Z,0
CVE-2022-4035,https://securityvulnerability.io/vulnerability/CVE-2022-4035,iFrame Injection Vulnerability in Appointment Hour Booking Plugin for WordPress,"The Appointment Hour Booking plugin for WordPress suffers from an iFrame Injection vulnerability due to inadequate input sanitization and output escaping. This flaw allows unauthenticated attackers to inject malicious iFrame tags through the 'email' or general field parameters. Consequently, whenever a user accesses the booking details page, the injected iFrames will execute, potentially compromising user data and the overall security of the website.",Wordpress,Appointment Hour Booking – WordPress Booking Plugin,7.2,HIGH,0.0006500000017695129,false,,false,false,false,,false,false,2022-11-29T20:32:28.799Z,0
CVE-2022-4034,https://securityvulnerability.io/vulnerability/CVE-2022-4034,CSV Injection Vulnerability in Appointment Hour Booking Plugin for WordPress,"The Appointment Hour Booking Plugin for WordPress is susceptible to CSV Injection, allowing unauthenticated attackers to insert untrusted input during booking creation. This compromised content can be exported as a CSV file, which may lead to code execution if the file is downloaded and executed in a vulnerable environment. Users are advised to update their plugin to the latest version to mitigate these risks.",Wordpress,Appointment Hour Booking – WordPress Booking Plugin,5.8,MEDIUM,0.0015399999683722854,false,,false,false,false,,false,false,2022-11-29T20:30:15.537Z,0
CVE-2022-41692,https://securityvulnerability.io/vulnerability/CVE-2022-41692,WordPress Appointment Hour Booking plugin <= 1.3.71 - Missing Authorization vulnerability,Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.,Wordpress,Appointment Hour Booking (WordPress Plugin),4.3,MEDIUM,0.0010400000028312206,false,,false,false,false,,false,false,2022-11-18T19:15:00.000Z,0
CVE-2022-1710,https://securityvulnerability.io/vulnerability/CVE-2022-1710,Appointment Hour Booking < 1.3.56 - Admin+ Stored Cross-Site Scripting,"The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.",Wordpress,Appointment Hour Booking – WordPress Booking Plugin,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-06-13T12:42:28.000Z,0
CVE-2021-24712,https://securityvulnerability.io/vulnerability/CVE-2021-24712,Appointment Hour Booking – WordPress Booking Plugin < 1.3.17 - Authenticated Stored XSS,The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.,Wordpress,Appointment Hour Booking – WordPress Booking Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-10-11T10:45:47.000Z,0
CVE-2021-24673,https://securityvulnerability.io/vulnerability/CVE-2021-24673,Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting,"The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.",Wordpress,Appointment Hour Booking – WordPress Booking Plugin,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-10-04T11:20:18.000Z,0