WordPress Plugin Vulnerabilities

Appointment Hour Booking < 1.3.73 - CSV Injection

Description

The plugin does not validate data when output it back in a CSV file, which could lead to CSV injection

Affects Plugins

Plugin icon
appointment-hour-booking
Fixed in 1.3.73

References

CVE
CVE-2022-4034

Classification

Type
CSV INJECTION
OWASP top 10
A1: Injection
CWE
CWE-1236
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
Luca Greeb, Andreas Krüger
Verified
No
WPVDB ID
912dcba5-da93-4d0f-a4e6-5c1aec4f721f

Timeline

Publicly Published
2022-11-29 (about 3 years ago)
Added
2022-11-29 (about 3 years ago)
Last Updated
2022-11-29 (about 3 years ago)

Other

Published
Title
Published
2024-06-17
Title
Business Directory Plugin < 6.4.4 - Authenticated (Author+) CSV Injection
Published
2023-06-08
Title
Metform Elementor Contact Form Builder < 3.3.1 - Unauthenticated CSV Injection
Published
2022-10-21
Title
Contact Form Entries < 1.3.0 - CSV Injection
Published
2025-07-10
Title
Broken Link Notifier < 1.3.1 - Authenticated (Contributor+) CSV Injection
Published
2020-11-20
Title
Import and export users and customers < 1.16.3.6 - CSV Injection