🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Appointment Hour Booking – WordPress Booking Plugin

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Appointment Hour Booking – WordPress Booking Plugin

Information

Software Type	Plugin
Software Slug	appointment-hour-booking (view on wordpress.org)
Software Status	Active
Software Author	codepeople
Software Website	apphourbooking.dwbooster.com
Software Downloads	2,485,324
Software Active Installs	20,000
Software Record Last Updated	May 21, 2024

9 Vulnerabilities

Appointment Hour Booking – WordPress Booking Plugin <= 1.1.45 - Cross-Site Scripting

6.1

CVE-2019-13505

Jul 9, 2019

Researcher: ivoschyk-cs

Appointment Hour Booking <= 1.3.15 Admin+ Stored Cross-Site Scripting

5.5

CVE-2021-24673

Sep 6, 2021

Researcher: Asif Nawaz Minhas

Appointment Hour Booking <= 1.3.16 - Cross-Site Scripting

6.4

CVE-2021-24712

Sep 10, 2021

Researcher: Shivam Rai

Appointment Hour Booking <= 1.3.55 - Authenticated Stored Cross-Site Scripting

4.8

CVE-2022-1710

May 23, 2022

Researcher: Bruno Halltari

Appointment Hour Booking <= 1.3.71 - Missing Authorization

4.3

CVE-2022-41692

Oct 30, 2022

Researcher: István Márton

Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form

7.2

CVE-2022-4035

Nov 29, 2022

Researchers: Luca Greeb, Andreas Krüger

Appointment Hour Booking <= 1.3.72 - CSV Injection

5.8

CVE-2022-4034

Nov 29, 2022

Researchers: Luca Greeb, Andreas Krüger

Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass

5.3

CVE-2022-4036

Nov 29, 2022

Researchers: Luca Greeb, Andreas Krüger

Appointment Hour Booking <= 1.4.56 - Captcha Bypass

5.3

CVE-2024-32720

Apr 22, 2024

Researcher: Mochamad Sofyan

Title	Status	CVE ID	CVSS	Researchers	Date
Appointment Hour Booking – WordPress Booking Plugin <= 1.1.45 - Cross-Site Scripting	Patched	CVE-2019-13505	6.1	ivoschyk-cs	July 9, 2019
Appointment Hour Booking <= 1.3.15 Admin+ Stored Cross-Site Scripting	Patched	CVE-2021-24673	5.5	Asif Nawaz Minhas	September 6, 2021
Appointment Hour Booking <= 1.3.16 - Cross-Site Scripting	Patched	CVE-2021-24712	6.4	Shivam Rai	September 10, 2021
Appointment Hour Booking <= 1.3.55 - Authenticated Stored Cross-Site Scripting	Patched	CVE-2022-1710	4.8	Bruno Halltari	May 23, 2022
Appointment Hour Booking <= 1.3.71 - Missing Authorization	Patched	CVE-2022-41692	4.3	István Márton	October 30, 2022
Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form	Patched	CVE-2022-4035	7.2	Luca Greeb, Andreas Krüger	November 29, 2022
Appointment Hour Booking <= 1.3.72 - CSV Injection	Patched	CVE-2022-4034	5.8	Luca Greeb, Andreas Krüger	November 29, 2022
Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass	Patched	CVE-2022-4036	5.3	Luca Greeb, Andreas Krüger	November 29, 2022
Appointment Hour Booking <= 1.4.56 - Captcha Bypass	Patched	CVE-2024-32720	5.3	Mochamad Sofyan	April 22, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation