cleantalk
Vulnerabilities and Security Researches

Appointment Hour Booking – WordPress Booking Plugin, CVE-2021-24673

CVE, Research URL

CVE-2021-24673

Home page URL

Security reports for Appointment Hour Booking – WordPress Booking Plugin

Application

Appointment Hour Booking – WordPress Booking Plugin

Published on
Oct 04, 2021
Research Description
The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected versions
max 1.3.16.
Status
vulnerable
Previous vulnerability researches
Appointment Hour Booking – WordPress Booking Plugin (CVE-2023-45649) , Mar 21, 2025
Appointment Hour Booking – WordPress Booking Plugin (CVE-2021-24712) , Jun 06, 2024
Appointment Hour Booking – WordPress Booking Plugin (CVE-2022-4036) , Jun 06, 2024
Appointment Hour Booking – WordPress Booking Plugin (CVE-2019-13505) , Jun 06, 2024
Appointment Hour Booking – WordPress Booking Plugin (CVE-2022-1710) , Jun 06, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026