CVE-2022-4034
First published: Tue Nov 29 2022(Updated: )
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dwbooster Appointment Hour Booking | <=1.3.72 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the Appointment Hour Booking Plugin for WordPress?
The vulnerability ID for the Appointment Hour Booking Plugin for WordPress is CVE-2022-4034.
What is the severity of CVE-2022-4034?
The severity of CVE-2022-4034 is high with a severity value of 7.8.
What is the affected software version of CVE-2022-4034?
The affected software version of CVE-2022-4034 is up to and including 1.3.72.
What is the CWE ID for CVE-2022-4034?
The CWE ID for CVE-2022-4034 is 1236.
How can I fix the vulnerability in the Appointment Hour Booking Plugin?
To fix the vulnerability in the Appointment Hour Booking Plugin, you should update to a version beyond 1.3.72.
- collector/nvd-index
- vendor/dwbooster
- canonical/dwbooster appointment hour booking
- version/dwbooster appointment hour booking/1.3.72