🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Appointment Hour Booking – WordPress Booking Plugin

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Appointment Hour Booking – WordPress Booking Plugin

Information

Software Type	Plugin
Software Slug	appointment-hour-booking (view on wordpress.org)
Software Status	Active
Software Author	codepeople
Software Website	apphourbooking.dwbooster.com
Software Downloads	2,451,991
Software Active Installs	20,000
Software Record Last Updated	April 30, 2024

9 Vulnerabilities

Appointment Hour Booking <= 1.4.56 - Captcha Bypass

5.3

CVE-2024-32720

Apr 22, 2024

Researcher: Mochamad Sofyan

Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form

7.2

CVE-2022-4035

Nov 29, 2022

Researchers: Luca Greeb, Andreas Krüger

Appointment Hour Booking <= 1.3.72 - CSV Injection

5.8

CVE-2022-4034

Nov 29, 2022

Researchers: Luca Greeb, Andreas Krüger

Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass

5.3

CVE-2022-4036

Nov 29, 2022

Researchers: Luca Greeb, Andreas Krüger

Appointment Hour Booking <= 1.3.71 - Missing Authorization

4.3

CVE-2022-41692

Oct 30, 2022

Researcher: István Márton

Appointment Hour Booking <= 1.3.55 - Authenticated Stored Cross-Site Scripting

4.8

CVE-2022-1710

May 23, 2022

Researcher: Bruno Halltari

Appointment Hour Booking <= 1.3.16 - Cross-Site Scripting

6.4

CVE-2021-24712

Sep 10, 2021

Researcher: Shivam Rai

Appointment Hour Booking <= 1.3.15 Admin+ Stored Cross-Site Scripting

5.5

CVE-2021-24673

Sep 6, 2021

Researcher: Asif Nawaz Minhas

Appointment Hour Booking – WordPress Booking Plugin <= 1.1.45 - Cross-Site Scripting

6.1

CVE-2019-13505

Jul 9, 2019

Researcher: ivoschyk-cs

Title	CVE ID	CVSS	Researchers	Date
Appointment Hour Booking <= 1.4.56 - Captcha Bypass	CVE-2024-32720	5.3	Mochamad Sofyan	April 22, 2024
Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form	CVE-2022-4035	7.2	Luca Greeb, Andreas Krüger	November 29, 2022
Appointment Hour Booking <= 1.3.72 - CSV Injection	CVE-2022-4034	5.8	Luca Greeb, Andreas Krüger	November 29, 2022
Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass	CVE-2022-4036	5.3	Luca Greeb, Andreas Krüger	November 29, 2022
Appointment Hour Booking <= 1.3.71 - Missing Authorization	CVE-2022-41692	4.3	István Márton	October 30, 2022
Appointment Hour Booking <= 1.3.55 - Authenticated Stored Cross-Site Scripting	CVE-2022-1710	4.8	Bruno Halltari	May 23, 2022
Appointment Hour Booking <= 1.3.16 - Cross-Site Scripting	CVE-2021-24712	6.4	Shivam Rai	September 10, 2021
Appointment Hour Booking <= 1.3.15 Admin+ Stored Cross-Site Scripting	CVE-2021-24673	5.5	Asif Nawaz Minhas	September 6, 2021
Appointment Hour Booking – WordPress Booking Plugin <= 1.1.45 - Cross-Site Scripting	CVE-2019-13505	6.1	ivoschyk-cs	July 9, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation