WordPress Plugin Vulnerabilities

Appointment Hour Booking < 1.3.73 - CAPTCHA Bypass

Description

The plugin does not have a strong hashing algorithm on the CAPTCHA secret, and displays it to the user via a cookie, which could allow them to bypass the protection in place

Affects Plugins

Plugin icon
appointment-hour-booking
Fixed in 1.3.73

References

CVE
CVE-2022-4036

Miscellaneous

Original Researcher
Luca Greeb, Andreas Krüger
Verified
No
WPVDB ID
c7619434-ba7b-40a0-a532-717bea736022

Timeline

Publicly Published
2022-11-29 (about 3 years ago)
Added
2022-11-29 (about 3 years ago)
Last Updated
2022-11-29 (about 3 years ago)

Other

Published
Title
Published
2016-06-21
Title
WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
Published
2025-11-10
Title
Hydra Booking < 1.1.28 - Unauthenticated Payment Bypass
Published
2023-07-27
Title
Change WP Admin < 1.1.4 - Secret Login Page Disclosure
Published
2022-01-06
Title
IP2Location Country Blocker < 2.26.5 - Ban Bypass
Published
2019-05-19
Title
Option Tree < 2.7.3 - Object Injection Bypass