cleantalk
Vulnerabilities and Security Researches

Appointment Hour Booking – WordPress Booking Plugin, CVE-2022-4034

CVE, Research URL

CVE-2022-4034

Home page URL

Security reports for Appointment Hour Booking – WordPress Booking Plugin

Application

Appointment Hour Booking – WordPress Booking Plugin

Published on
Nov 30, 2022
Research Description
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
Affected versions
max 1.3.73.
Status
vulnerable
Previous vulnerability researches
Appointment Hour Booking – WordPress Booking Plugin (CVE-2023-45649) , Mar 21, 2025
Appointment Hour Booking – WordPress Booking Plugin (CVE-2021-24712) , Jun 06, 2024
Appointment Hour Booking – WordPress Booking Plugin (CVE-2022-4036) , Jun 06, 2024
Appointment Hour Booking – WordPress Booking Plugin (CVE-2019-13505) , Jun 06, 2024
Appointment Hour Booking – WordPress Booking Plugin (CVE-2022-1710) , Jun 06, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026