Dwbooster Appointment Hour Booking — known CVE vulnerabilities
Every CVE whose affected-product data names Dwbooster Appointment Hour Booking, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2022-4035 — CVSS 7.2 (high): The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in…
CVE-2019-13505 — CVSS 6.1 (medium): The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1.
CVE-2022-4034 — CVSS 5.8 (medium): The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it…
CVE-2021-24712 — CVSS 5.4 (medium): The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.
CVE-2022-4036 — CVSS 5.3 (medium): The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to…
CVE-2022-1710 — CVSS 4.8 (medium): The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could…
CVE-2021-24673 — CVSS 4.8 (medium): The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege…